Back
Privacy Policy
🇬🇧 English 🇪🇸 Español 🇫🇷 Français 🇩🇪 Deutsch 🇮🇹 Italiano 🇧🇷 Português 🇯🇵 日本語 🇨🇳 中文 🇰🇷 한국어 🇷🇺 Русский

Privacy Policy

Last Updated: May 11, 2026

Techster Dynamics ("we," "us," or "our") operates Clacks (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Information You Provide

When you register and use the Service, we collect:

  • Account Information: Email address, password (hashed), display name
  • Profile Settings: Language preference, timezone, notification preferences
  • Email Account Credentials: POP3/IMAP server details and passwords (stored encrypted)
  • OAuth Tokens: Google OAuth tokens for Gmail access (stored encrypted)

1.2 Information Collected Automatically

When you use the Service, we automatically collect:

  • Usage Data: Pages visited, features used, actions taken
  • Device Information: Browser type, operating system, device type
  • Log Data: IP address, access times, error logs
  • Cookies: Session cookies and preference cookies

1.3 Email Data

To provide the forwarding service, we process:

  • Email Metadata: Sender, recipient, subject, date/time
  • Email Content: Message body and attachments (for forwarding only)
  • Headers: Technical email headers required for delivery

Important: Email content is processed in transit for forwarding purposes and is not permanently stored on our servers.

2. How We Use Your Information

We use your information to:

2.1 Provide the Service

  • Create and manage your account
  • Connect to your email accounts
  • Forward emails between accounts
  • Process routing rules and filters
  • Enable "Send Mail As" functionality

2.2 Improve the Service

  • Analyze usage patterns and trends
  • Identify and fix bugs or issues
  • Develop new features and improvements
  • Optimize performance and reliability

2.3 Communicate with You

  • Send service-related notifications
  • Respond to support requests
  • Notify you of important updates or changes
  • Send security alerts when necessary

2.4 Ensure Security

  • Detect and prevent fraud or abuse
  • Monitor for unauthorized access
  • Enforce our Terms of Service
  • Protect the rights and safety of users

3. Data Storage and Security

3.1 Data Storage

Your data is stored on secure servers with:

  • Industry-standard encryption for data at rest
  • TLS encryption for data in transit
  • Regular security audits and updates
  • Redundant backups for disaster recovery

3.2 Credential Security

Email account credentials are protected using:

  • XChaCha20-Poly1305 authenticated encryption (via libsodium) with per-secret Data Encryption Keys
  • Envelope encryption with Key Encryption Keys (KEK) stored separately from encrypted data
  • Secure key management practices
  • No plain-text storage of passwords or tokens

3.3 Security Measures

We implement multiple security layers:

  • Two-factor authentication (2FA) option
  • Rate limiting and brute-force protection
  • Session management and secure cookies
  • Regular security testing and monitoring

4. Data Sharing and Disclosure

4.1 We Do Not Sell Your Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4.2 Service Providers

We may share data with trusted service providers who assist us in:

  • Hosting and infrastructure services
  • Email delivery and processing
  • Analytics and monitoring
  • Customer support tools

These providers are bound by confidentiality agreements and may only use data to provide services to us.

4.3 Legal Requirements

We may disclose your information if required to:

  • Comply with legal obligations or court orders
  • Protect our rights, property, or safety
  • Prevent fraud or illegal activities
  • Respond to lawful requests from authorities

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you of any such change and the choices you may have.

5. Third-Party Services

5.1 Google Services

The Service integrates with Google Gmail through OAuth 2.0:

  • We request the following Gmail permissions, each required for a specific feature:
    • Email Import (gmail.insert): Import emails from external accounts into your Gmail inbox via the Gmail API
    • Label Application (gmail.modify): Apply custom labels to imported messages and verify your Gmail account identity. This scope technically permits read/write access to messages; however, Clacks only uses it for labelling imported messages and verifying account identity — it does not read or modify your existing Gmail messages
    • Label Organisation (gmail.labels): Create and list custom Gmail labels for categorising imported messages
    • Send Mail As (gmail.settings.basic, gmail.settings.sharing): Configure and manage external email addresses for sending through Gmail
  • We request only the minimum permissions necessary for each feature
  • Google's Privacy Policy applies to your Gmail data
  • You can revoke access at any time through your account settings or Google Account settings
  • Upon disconnection, we revoke our access tokens with Google

5.2 External Email Providers

When you connect POP3/IMAP accounts:

  • Your provider's privacy policy applies to that account
  • We only access data necessary for the forwarding service
  • Connection credentials are stored encrypted

6. Cookies and Tracking

6.1 Cookies We Use

Cookie Type Purpose Duration
Session Authentication and security Session
Preferences Language, theme settings 1 year
Locale Language preference 1 year

6.2 Cookie Management

You can manage cookies through your browser settings. Note: Disabling essential cookies may affect Service functionality.

6.3 Analytics

We use Umami, a privacy-focused, open-source analytics platform to understand how our Service is used. Umami:

  • Does not use cookies for tracking
  • Does not collect personal information
  • Does not track users across websites
  • Is fully GDPR, CCPA, and PECR compliant
  • Only collects anonymized, aggregate data (page views, referrers, device types)

Analytics data is hosted on our own infrastructure and is not shared with third parties.

7. Data Retention

7.1 Active Accounts

While your account is active, we retain:

  • Account information and settings
  • Connection credentials (encrypted)
  • Usage logs (for troubleshooting)

7.2 Email Data

  • Email content is processed in real-time and not permanently stored
  • Message history/logs are retained for a limited period (typically 30-90 days)
  • Failed message logs are retained for troubleshooting

7.3 Account Deletion

When you delete your account:

  • Account data is permanently deleted within 30 days
  • Encrypted credentials are securely destroyed
  • Backup copies are purged according to our retention schedule
  • Some anonymized data may be retained for analytics

8. Your Rights and Choices

Depending on your jurisdiction, you may have the right to:

8.1 Access

Request a copy of the personal data we hold about you.

8.2 Correction

Request correction of inaccurate or incomplete data.

8.3 Deletion

Request deletion of your personal data, subject to legal obligations.

8.4 Portability

Request a machine-readable copy of your data.

8.5 Objection

Object to certain processing of your data.

8.6 Restriction

Request restriction of processing in certain circumstances.

8.7 Withdrawal of Consent

Withdraw consent for processing based on consent.

To exercise these rights, contact us through the application. We will respond within 30 days.

9. International Data Transfers

If you access the Service from outside our primary operating jurisdiction:

  • Your data may be transferred to and processed in other countries
  • We ensure appropriate safeguards are in place
  • By using the Service, you consent to such transfers

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will promptly delete it.

11. Regional Privacy Rights

11.1 European Economic Area (EEA)

If you are in the EEA, you have rights under the General Data Protection Regulation (GDPR). Our legal bases for processing include:

  • Contract: To provide the Service you requested
  • Consent: For optional features and communications
  • Legitimate Interest: For security, analytics, and improvement

11.2 California Residents

California residents have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect
  • Right to delete personal information
  • Right to opt-out of sale (we do not sell data)
  • Right to non-discrimination

12. Security Incident Response

In the event of a data breach:

  • We will investigate and contain the incident promptly
  • We will notify affected users within 72 hours (where required by law)
  • We will provide information about the nature of the breach and remediation steps
  • We will report to relevant authorities as required

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email or through the Service.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Registered Office: 86-90, Paul Street, London EC2A 4NE

Techster Dynamics is a trading name of Techster Ltd, a company registered in England & Wales (No. 17005321) with its registered office at 86-90, Paul Street, London EC2A 4NE.

We aim to respond to all inquiries within 30 days.

Techster Dynamics © 2026 — All rights reserved.

Last Updated: 11 May 2026