Release-candidate privacy notice

Your mail and photos are not a Snapattic dataset.

Snapattic recovers attachments on your Mac. Mail and photo bytes travel directly from Gmail to your computer. Test checkout and purchase restoration use a separate test licensing service.

In brief: recovery traffic goes directly from Gmail to your Mac over encrypted IMAP. Snapattic does not send mail or photo bytes through its own service. Test checkout and purchase restoration can contact the test licensing service with account and entitlement data. The release candidate has no analytics, advertising or cloud photo library.

Recovery and test-entitlement data

Snapattic connects directly to Gmail over TLS IMAP. Gmail receives the normal sign-in request and returns the message parts needed for recovery. The app opens mailboxes read-only and fetches without marking messages read; it does not move, copy, delete, flag, append, or send mail.

Mail content, attachment bytes, filenames, photo paths, hashes, scan counts and the App Password are not sent to a Snapattic recovery service. If you use test checkout or Restore purchase, the app can contact the test licensing service with the Gmail address used for the test entitlement. It does not receive your mail, recovered photos or App Password.

Data on your Mac

Accepted photos are ordinary files under your Pictures folder, separated by account and email year. Downloaded small or likely non-photo images can remain in a local review folder rather than the main archive.

Snapattic also keeps local settings, resume checkpoints, preview records, and deduplication information in its macOS application-data directory. Removing the app bundle does not automatically remove those files or the photos you recovered.

Photo processing
On your Mac
Mail behaviour
Read-only; no message-state changes
Analytics
None
Snapattic services
No mail or photo storage; test licensing only

How Snapattic handles the App Password

Google App Passwords are broad account credentials; they are not restricted to read-only access by Google. Snapattic’s read-only behavior is an application rule backed by protocol tests. Create a dedicated App Password for the session, keep it private, and revoke it in Google when you are finished.

The password is session-only by default. If you deliberately choose to remember it in the macOS app, it is kept using secure system storage. You can forget it in the app. The alpha never needs your main Google account password.

Privacy on this website

This is a static information site. Snapattic adds no analytics script, tracking pixel, advertising network, user account, cookie banner, or data-submission form. The hosting and network providers may process ordinary connection information needed to deliver a web page, such as an IP address and request headers; Snapattic does not turn that traffic into product analytics.

Revoke, forget, and remove

  1. Stop recovery and quit Snapattic.
  2. Use the app’s forget control if you chose to remember the App Password.
  3. Remove the dedicated App Password in Google Account security settings.
  4. Delete recovered output and local app data only if you also want those local files removed.

Revoking the App Password stops future Gmail access. It does not delete photos already saved on your computer. Local deletion is irreversible, so review what you want to keep first. The access-revocation guide covers reconnection after a password is removed.

Feedback during testing

Use the private contact supplied with your invitation. For setup and recovery feedback, share only aggregate results. For a test-entitlement problem, share the canonical Gmail address and minimum Stripe test receipt reference only through that private contact. Never send an App Password, account password, mail content, recovered photo, local path, raw log, hash, licence token, card detail or promotion code.