Kestrel Mail

Legal

Privacy Policy

Last updated March 27, 2026

Kestrel Mail is a native macOS email client. This policy explains what data the app handles, what it collects, and what services it communicates with.

The short version: your email stays on your Mac and your mail servers. We don't collect analytics, we don't run telemetry, and we don't have access to your email.

Your email data

Kestrel Mail operates locally on your Mac and communicates directly with your email servers over encrypted connections. Your email messages, drafts, and attachments are stored in a local database on your device. Authentication credentials are stored in the macOS Keychain.

We do not operate any servers that relay, store, or have access to your email content. The app connects to your mail servers — not ours.

What we collect

Kestrel Mail does not collect personal data. There is no analytics, no crash reporting, no usage tracking, and no telemetry of any kind. The app does not phone home.

Network communication

The app communicates over the network for the following purposes only:

  • Mail sync — connecting to your IMAP and SMTP servers to fetch and send email.
  • Authentication — OAuth sign-in flows with Google or Microsoft when you use a Gmail or Microsoft 365 account.
  • Model pack download — if you choose to install the optional enhanced AI model pack, the app downloads it from our servers (see below).

All server connections use TLS. The app will not connect over plaintext.

Third-party services

When you sign in with a Gmail or Microsoft 365 account, the app uses OAuth authentication provided by Google or Microsoft respectively. These sign-in flows are governed by each provider's own privacy policy. Kestrel Mail requests only the scopes necessary for IMAP and SMTP access.

For generic IMAP accounts, authentication is handled directly between the app and your mail server with no third party involved.

AI summaries

Message and conversation summaries are generated entirely on your device using Apple Foundation Models or the optional local model pack. No email content is sent to any external service — cloud or otherwise — for summarization.

Model pack downloads

If you choose to install the optional enhanced AI model pack, the app contacts our download server to retrieve the model files. This request is authenticated with an API key and does not transmit any personal data or email content. The model files are stored locally on your Mac.

Data storage and security

  • Account credentials are stored in the macOS Keychain.
  • Saved drafts are encrypted on disk.
  • Cached messages and attachments are stored in a local SQLite database.
  • Known email trackers are blocked before loading.
  • Message content is sanitized before rendering, with safeguards against script injection, embedded forms, and URL hijacking.

Children

Kestrel Mail is not directed at children under 13. We do not knowingly collect information from children. If you believe a child has provided data through the app, please contact us and we will take steps to address it.

Changes to this policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date.

Contact

If you have questions about this privacy policy or how Kestrel Mail handles your data, you can reach us at privacy@kestrelmail.app.