Privacy Policy for Mail Tracker
Effective Date: April 23, 2025
Welcome to Mail Tracker! This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and email tracking services (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.
1. Information We Collect
We may collect information about you in a variety of ways. The information we may collect via the Service includes:
- Personal Data You Provide Directly:
  - When you register or log in using your Google Account, we collect your Google ID (email address), name, and profile picture as provided by Google.
  - User preferences you set within the application, such as preferred language, timezone, and notification settings.
  - Your approximate country of residence, derived from your IP address, stored for internal analytics purposes.
- Information Collected Automatically:
  - Google Authentication Tokens: We store access and refresh tokens provided by Google OAuth to securely interact with your Gmail account on your behalf as necessary to provide the Service.
  - Email Tracking Data: When you create a tracking pixel, we store its unique ID, type (with/without signature), your associated Google ID, and the notification setting for that tracker. We also maintain a counter of how many times the tracker is activated (email opened).
  - Email Read Events: Each time a tracked email is opened, we record the timestamp, the associated tracking ID, and the email's thread ID.
  - Push Notification Subscriptions: If you enable browser push notifications, we store the subscription endpoint and keys provided by your browser, linked to your Google ID.
  - API Keys: If you generate an API key for programmatic access, we store the key linked to your Google ID.
  - Usage Data: Like most web services, our servers may automatically log standard information such as your IP address, browser type, operating system, access times, and referring website addresses.
  - User Journey Data: We record onboarding milestones and their timestamps (e.g., extension installation, first tracker created, notification activated, premium subscription activated) as well as time-to-action metrics, to improve the onboarding experience.
  - Extension Uninstall Feedback: If you voluntarily provide feedback when uninstalling the Chrome extension, we collect your stated reason(s), optional free-text comments, browser and OS information, and - if you explicitly consent - your contact email for follow-up.
  - Abandoned Payment Metadata: If you initiate but do not complete a checkout, we temporarily store your IP address and browser user-agent alongside the payment session, to enable session recovery and fraud prevention.
- Information from Third Parties:
  - Google: We receive confirmation of successful authentication and your basic profile information during login. We may also check the validity status of your authentication tokens with Google.
  - Stripe: If you subscribe to a paid plan, we receive information from Stripe, our payment processor, such as confirmation of payment, subscription status updates (created, updated, canceled), your Stripe Customer ID, and Stripe Subscription ID. We do not directly collect or store your payment details.
- Information Accessed via Google API (Gmail):
  - To provide the core tracking functionality and context, when a tracking pixel is activated or when you view your tracking history, we use the stored Google access token to interact with the Gmail API on your behalf. Specifically, we access:
    - Email Metadata: We search your "Sent" folder for the email containing the specific tracking ID and retrieve its metadata, including the Subject line, Recipient email addresses (from the 'To' field), and the time the email was sent (`internalDate`).
    - Gmail Labels: We read and apply Gmail labels to identify and organize the emails you choose to track.
  - We request the `https://www.googleapis.com/auth/gmail.readonly` scope during authentication to perform these actions. This is a read-only permission that does not allow us to modify, delete, or add content to your emails. We do not access the content (body) of your emails, nor do we read emails other than those specifically identified by a tracking ID you generated.
2. How We Use Your Information
Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:
- Create and manage your Mail Tracker account.
- Authenticate you using Google Sign-In.
- Generate tracking pixels for you to embed in your emails.
- Detect when tracked emails are opened and record these events.
- Display your email tracking history, including subject lines, recipients, and open timestamps.
- Process payments and manage your subscription plan through Stripe.
- Send you push notifications about email opens, if you have enabled them.
- Send you essential transactional emails (e.g., welcome messages, payment confirmations/failures, subscription updates, account status changes).
- Enable API access if you generate an API key.
- Track your onboarding journey milestones (e.g., extension installation, first tracker created, notification activation) to improve the service experience.
- Measure the open rate of transactional and marketing emails we send you using internal tracking pixels, for internal improvement purposes only. This data is never shared with third parties.
- Monitor and analyze usage and trends to improve your experience with the Service.
- Troubleshoot problems and respond to your support requests.
- Maintain the security and integrity of our Service.
3. How We Share Your Information
We may share information we have collected about you in certain situations. Your information may be disclosed as follows:
- With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include:
  - Google: For handling authentication (OAuth 2.0), interacting with the Gmail API (using your tokens as described above), sending transactional emails (using Gmail's SMTP service via Nodemailer), and potentially delivering push notifications via their infrastructure.
  - Stripe: For processing payments, managing subscriptions, handling billing issues, and preventing fraud.
  - Browser Push Services (e.g., Google FCM, Mozilla Push Service, Apple Push Notification Service): For delivering push notifications to your browser based on the subscription details provided by your browser.
  - Discord: We send internal team notifications to a private Discord server via webhooks. These notifications include anonymized usage events (e.g., new subscription, extension uninstall) containing non-personally identifying data such as your account short ID, country, language, and subscription tier. Email addresses are never transmitted in plain text.
  - Sentry: We use Sentry for application error monitoring. Before any data is transmitted, personal identifiers are sanitized: email addresses are hashed (SHA-256), authentication tokens and payment identifiers are removed. Only technical diagnostic data (stack traces, error messages, app version, and environment) is sent.
  - Analytics Service (Umami): We use a self-hosted, privacy-focused analytics tool to collect aggregated, anonymous statistics on page views and navigation behavior. No personally identifiable information is transmitted to this service.
- By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
- Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
We do not sell your personal information to third parties.
4. Your Choices and Rights
- Account Information: You can review and change your basic profile information (name, picture) through your Google Account settings.
- Google Permissions: You can manage the permissions granted to Mail Tracker within your Google Account's security settings (under "Third-party apps with account access"). Please note that revoking the `gmail.readonly` permission will prevent the core email tracking functionality from working.
- Notifications: You can enable or disable push notifications for individual trackers within the Mail Tracker application. You can also manage your overall notification preference in your user settings. Additionally, you can control push notification permissions at the browser level.
- Subscriptions: You can manage your subscription plan and payment methods through the Stripe Billing Portal, accessible via your Mail Tracker user settings.
- Data Access and Deletion: You may request a full export of your personal data - delivered as a downloadable ZIP archive via a secure link valid for 72 hours - or request that we permanently delete your personal data by contacting us at contact@mail-tracker.app. Upon receiving a deletion request, a 72-hour grace period applies before permanent deletion takes effect; you may cancel the request during this window. Please note that deleting your account will result in the permanent loss of all associated tracking data and history. We may retain certain information as required by law (e.g., audit logs) or for legitimate business purposes.
5. Data Security
We use administrative, technical, and physical security measures to help protect your personal information. We use encryption (TLS/SSL) for data transmitted between your browser and our servers. Google authentication tokens and other sensitive credentials are stored securely. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.
6. Data Retention
We retain your personal data for the following periods: account data (profile, preferences, authentication tokens) is kept for as long as your account is active; JWT access tokens expire after 15 minutes and refresh tokens after 30 days; orphaned tracking pixels are automatically deleted after 30 days; payment audit records (processed invoices) are automatically deleted after 90 days; application logs are rotated daily and retained for 14 days (30 days for audit and error logs); activity audit logs and GDPR compliance logs are retained indefinitely for security and legal compliance. Upon account deletion, all personal data is permanently removed following a 72-hour grace period. Information held by third parties (Stripe, Google) is retained according to their own policies.
7. Children's Privacy
Our Service is not intended for use by children under the age of 13 (or 16 in the European Economic Area), and we do not knowingly collect personal information from children under this age. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we will take steps to delete that information.
8. International Transfers
Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. Our primary service providers (Google, Stripe) operate globally, which may involve transferring your data to the United States and other locations. We rely on mechanisms like Standard Contractual Clauses or adequacy decisions where applicable for such transfers. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
10. Contact Information
If you have questions or comments about this Privacy Policy, please contact us at: contact@mail-tracker.app