Privacy Policy

Effective date: May 2025 · MailCue v0.9

MailCue is a macOS app that helps you draft replies to email. This policy explains exactly what the app reads, what it transmits, what is retained, and what it will never do.

What MailCue reads on your device

When you submit a reply intent, MailCue uses macOS Accessibility/AppleScript to read the single email message you currently have selected in Apple Mail. It reads: the sender address, the subject line, and the message body.

MailCue does not scan your inbox, read other messages, access attachments, or index your mail in any way. Nothing is read until you explicitly submit an intent.

What MailCue sends over the network

When you submit an intent, MailCue sends the following to MailCue's backend service over TLS (HTTPS):

Your reply intent (the text you typed)
The selected message's sender, subject, and body
Your license key (for authentication; never logged)

This data is transmitted solely to generate a draft reply. It is not sold, shared with advertisers, or used for any other purpose.

What is retained — and what is not

Zero retention policy: MailCue's backend processes your message content in memory and does not write it to any database or log file. The upstream AI provider used by MailCue operates under a zero-retention data processing agreement — it does not store or train on your message content.

Specifically, neither MailCue's servers nor the AI provider it uses retain:

The body of any email you select
The draft replies generated for you
Your reply intent text
Your sender/recipient addresses from mail content

What is stored locally on your Mac

MailCue stores a small amount of data on your device only:

License key — stored in macOS Keychain (encrypted at rest, accessible only to MailCue).
Sent log — a lightweight on-disk record of when messages were sent (timestamp + subject line only, no body content). Used to power the 30-second undo window.
Chat history — your intent prompts and Pouchy's reply bubbles are stored in UserDefaults for the current session only. Mail content (message bodies, sender addresses) is never written to UserDefaults.
App preferences — window position and settings stored in UserDefaults.

All local data lives in the standard macOS app container (~/Library/Containers/com.izhiwen.MailCue/). Deleting the app removes its container.

What MailCue never does

Reads email messages you have not selected
Sends any email without your explicit tap on the Send button
Accesses your Contacts, Calendar, Files, or any other app
Runs in the background when you are not using it
Tracks you across apps or websites
Shows you ads
Sells your data to any third party
Sends analytics or crash reports to third-party services

AppleScript and Automation permissions

macOS requires your explicit permission before MailCue can control Apple Mail via AppleScript. When prompted, you may grant or deny this permission. Without it, MailCue cannot read the selected message or dispatch replies — but the app will continue to run.

You can review or revoke this permission at any time in System Settings → Privacy & Security → Automation.

Changes to this policy

If the data practices described here change in a future version, this page will be updated and the effective date revised. Material changes will be noted in the release notes.

Contact

Questions about privacy? Email izhiwen@icloud.com.