Privacy Policy

Last updated: April 21, 2026

1. Overview

Cloudbreak ("we", "our", "the app") is a macOS application developed by Florian Oefner that filters your email inbox using a local AI model. Privacy is fundamental to how Cloudbreak is built — all email processing happens entirely on your Mac.

This privacy policy explains what data Cloudbreak accesses, how it is used, how it is stored, and what information (if any) is shared with third parties. This policy applies to both the Cloudbreak macOS application and the Cloudbreak website (cloudbreak.email).

2. Data Cloudbreak Accesses

Cloudbreak connects to your email accounts via IMAP or OAuth (for Gmail) to read incoming messages and archive those it identifies as unimportant. Specifically, Cloudbreak accesses:

  • Email message metadata (sender, subject line, date)
  • Email message body content (to determine importance)

Cloudbreak does not access email attachments, contact lists, address books, calendars, or any other data beyond what is listed above.

3. How Your Data Is Used

Cloudbreak uses your email data for one purpose only: to determine whether an email should remain in your inbox or be archived. This is the app's core and only user-facing feature.

  • A local AI model (Qwen 2.5 3B) runs on your Mac to analyze each email.
  • The model classifies emails based on your customizable filtering rules.
  • Emails identified as unimportant are moved to your Archive folder.
  • Cloudbreak can only archive emails. It cannot delete, send, forward, or reply to emails.

Your email data is never used for advertising, analytics, profiling, model training, or any purpose other than the filtering functionality described above.

4. Data Storage & Retention

  • Email content is not stored. Cloudbreak processes emails in memory and does not maintain its own copy of your messages. No email content is written to disk.
  • Credentials are stored in macOS Keychain. Your IMAP credentials or OAuth tokens are stored securely in the macOS Keychain, protected by your system's encryption. They are never transmitted to us or any third party.
  • Activity log is stored locally. Cloudbreak keeps a local log of filtering decisions (which emails were archived or kept). This log is stored on your Mac and is never transmitted off your device.
  • No server-side storage. We do not operate servers that store any of your data. There is no account system and no cloud storage.

Uninstalling Cloudbreak removes all locally stored data, including the activity log and cached preferences. Your emails and Archive folder remain untouched in your email account.

5. Data Sharing & Third Parties

Cloudbreak does not share, transfer, sell, or disclose your email data to any third party. Specifically:

  • No email content, metadata, or credentials are transmitted to external servers.
  • No data is shared with advertising platforms, data brokers, or analytics services.
  • No data is used for personalized or targeted advertising.
  • No human at Cloudbreak can read your emails — all processing is automated and local.
  • The AI model runs entirely on-device and makes no network requests to process your emails.

Data may only be disclosed if required by law, but given that we do not collect or store your email data, there is nothing to disclose.

6. Google OAuth & Gmail API Scopes

If you connect a Gmail account using Google sign-in, Cloudbreak requests the following OAuth scopes:

  • Full mailbox access (https://mail.google.com/) — required for IMAP access to read incoming emails and archive unimportant ones.
  • OpenID & email (openid, email) — to identify your account during sign-in.

The full mailbox scope is required because Cloudbreak connects via IMAP, which does not support narrower scopes. Despite having broad access, Cloudbreak only performs two operations: reading emails to assess importance, and archiving (moving to Archive) those identified as unimportant. Cloudbreak does not send, delete, forward, or compose emails.

Cloudbreak's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • Google user data is used only to provide the email filtering feature visible in the app's interface.
  • Google user data is not transferred to any third party, except as necessary for security or legal compliance.
  • Google user data is not used for advertising, market research, or email campaign targeting.
  • No human reads your Google user data; all processing is automated and on-device.

7. Analytics

Cloudbreak App

Cloudbreak collects anonymous, non-personal product usage analytics (such as app launches and feature usage) to help improve the product. These analytics:

  • Do not contain any email content, subject lines, sender information, or personal data.
  • Cannot be used to identify individual users.
  • Can be fully opted out in Cloudbreak's Settings under the General tab.

Cloudbreak Website

The Cloudbreak website (cloudbreak.email) uses OpenPanel for privacy-friendly website analytics. No cookies are used for tracking. No personal data is collected.

8. Security

Cloudbreak is designed with a zero-trust architecture:

  • All email processing happens locally on your Mac — no data leaves your device.
  • Credentials are stored in the macOS Keychain, which uses hardware-backed encryption.
  • The app is code-signed and notarized by Apple.
  • Automatic updates are delivered securely via Sparkle with EdDSA signature verification.

9. Children's Privacy

Cloudbreak is not directed at children under the age of 13 and does not knowingly collect personal information from children.

10. Changes to This Policy

We may update this privacy policy from time to time. If we make material changes to how we handle user data, we will notify users and request consent before implementing the new practices. Changes will be posted on this page with an updated revision date.

11. Contact

If you have questions about this privacy policy or want to request deletion of any data, contact us at privacy@cloudbreak.email.