You are here: Home / Legal / LibreMailCal / LibreMailCal Privacy Policy

LibreMailCal Privacy Policy

by Hawke Robinson published Feb 24, 2026 05:05 PM, last modified Feb 24, 2026 05:54 PM
LibreMailCal Privacy Policy Information below

Effective Date: 2026.02.24
Developer: William Hawkes-Robinson

Overview

LibreMailCal is a cross-platform email, calendar (CalDAV), contacts (CardDAV), chat (Matrix), and alerts (ERPNext) client application. It is designed from the ground up to respect user privacy. The application does not collect, transmit, or share any user data with the developer, any third parties, or any services that the user has not explicitly configured themselves.

This privacy policy describes what data the application handles, how it is stored, and where it is transmitted.

Data the Application Stores

LibreMailCal stores the following categories of data locally on the user's device:

Account Credentials

When the user adds an email, CalDAV, CardDAV, Matrix, or ERPNext account, the application stores:

  • Server hostnames, ports, and usernames in a local SQLite database on the device
  • Passwords, API keys, and access tokens in the platform's secure credential storage (Android Keystore, iOS Keychain, or Linux libsecret) — these are never stored in the database itself

Synchronized Content

The application stores a local copy of data that the user synchronizes from their configured servers:

  • Email: message headers, bodies, folder structure, and attachment metadata (attachments are downloaded on-demand to temporary storage)
  • Calendar: event summaries, descriptions, locations, dates, times, recurrence rules, and reminders
  • Contacts: names, email addresses, phone numbers, organizations, and notes
  • Chat: message text, timestamps, sender information, and media file metadata
  • Alerts: notification subjects, content, timestamps, and read status

Application Settings

User preferences such as theme mode, sync intervals, and notification settings are stored locally on the device.

Data Transmission

Where Data Is Sent

LibreMailCal transmits data only to servers that the user has explicitly configured by adding an account. These include:

  • IMAP and SMTP servers for email retrieval and sending
  • CalDAV servers for calendar synchronization
  • CardDAV servers for contacts synchronization
  • Matrix homeservers for chat messaging and media
  • ERPNext servers for notification alerts
  • ICS feed URLs for read-only calendar subscriptions

All network communication uses encrypted connections (TLS/SSL).

Where Data Is NOT Sent

LibreMailCal does not transmit any data to:

  • The developer or any affiliated entity
  • Any analytics, telemetry, or crash reporting service
  • Any advertising network or data broker
  • Any third-party service not explicitly configured by the user
  • Google, Apple, Meta, Microsoft, or any other platform vendor (beyond what the operating system itself may do independently of this application)

The application contains no analytics SDKs, no tracking libraries, no crash reporting services, and no telemetry of any kind.

Permissions

Android

The application requests the following permissions:

  • Internet access: required for connecting to the user's configured email, calendar, contacts, chat, and alerts servers
  • Network state: used to detect whether the device has an active network connection before attempting synchronization
  • Notifications: used to display local notifications for new emails and calendar reminders (Android 13 and later require explicit permission)

The application does not request access to the device's contacts, calendar, location, camera, microphone, or storage beyond its own application-scoped directories.

iOS

The application may request:

  • Camera access: optional, only if the user chooses to take a photo for a contact entry
  • Photo library access: optional, only if the user chooses to select a photo for a contact entry

Third-Party Services

LibreMailCal does not integrate with any third-party services. All server connections are initiated solely by the user's account configuration. The application is compatible with any standards-compliant server implementation (any IMAP/SMTP server, any CalDAV server, any CardDAV server, any Matrix homeserver, any ERPNext instance). There is no dependency on or preference for any particular service provider.

Data Retention and Deletion

All data is stored locally on the user's device. The user has full control over data retention:

  • Deleting an account from the application removes all associated data from the local database and removes credentials from secure storage
  • Uninstalling the application removes all locally stored data
  • The application does not maintain any cloud backup, remote copy, or off-device record of the user's data

Children's Privacy

LibreMailCal does not knowingly collect any data from children under 13 years of age. The application does not collect data from any user — it is a tool that connects to the user's own servers.

Open Source

LibreMailCal is free and open source software, licensed under the GNU Affero General Public License version 3.0 (AGPL-3.0). The source code is publicly available for inspection and audit.

Changes to This Policy

If this privacy policy is updated, the revised version will be posted at this URL with an updated effective date. Because the application does not collect contact information, users are encouraged to check this page periodically.

Contact

For questions about this privacy policy or the application's data handling practices:

2026.02.24 — Spokane, Washington, USA