MailGuard — Privacy Policy
Last updated: May 10, 2026
This document explains exactly what data MailGuard sees, where it goes, and what is and isn't kept.
TL;DR
- MailGuard reads the email you're currently viewing in Gmail in order to flag phishing/malware. It does not read your inbox in the background.
- For each opened email it sends sender, subject, link URLs, and attachment filenames to our backend so we can score it.
- The backend queries Google Safe Browsing, VirusTotal, and urlscan.io only with the URLs themselves — never your email content.
- We do not store the email content, sender, subject, or body. We cache "URL X is/isn't flagged" so repeat lookups are fast.
- No tracking, no ads, no analytics.
- Uninstall the extension to stop all data flow.
What the extension reads from your browser
When you open an email in Gmail (not before), the content script extracts:
- Sender display name and email address
- Subject line
- Plain-text body of the message
- All URLs visible in the message (the
href of every link)
- Filenames of any attachments (we do NOT read attachment bytes — Gmail's interface doesn't expose them)
- A per-email ID, used only to avoid scoring the same email twice
That data leaves your browser as a single POST request to our backend.
What the backend does with it
The backend is a Cloudflare Worker at https://mailguard-backend.lazizbek.workers.dev. It runs:
- Local heuristics — examines sender, URLs, text against known phishing patterns. No external calls.
- Google Safe Browsing v4 — sends only the URLs.
- VirusTotal v3 URL lookup — sends only the URLs.
- urlscan.io search — searches by hostname only.
We do not send to any third party: your sender address, email subject, body, name, or IP address.
What's stored
| Where | What | For how long |
|---|
| Cloudflare KV cache | "URL X has these flags" | 24h for hits, 1h for misses |
| Cloudflare KV cache | Per-IP request counter (rate limit) | 2 minutes |
| Your browser (chrome.storage.local) | Backend URL override (optional) | Until you uninstall |
| Cloudflare edge logs | HTTP request metadata (IP, time, path) | Cloudflare's standard retention |
We do not store: email content, sender, subject, body, recipient list, or user identity. The cache is keyed by URL/hostname, not by user.
What third parties may retain
- Google Safe Browsing — receives URLs; may log them per Google's policies.
- VirusTotal — receives URLs. VT is a public threat-intelligence platform; URLs submitted may be visible to other security researchers.
- urlscan.io — receives hostnames as search queries. Search queries are not made public.
- Cloudflare — hosts the worker; sees standard HTTP metadata.
Tracking, analytics, ads
None. No analytics SDKs in the extension or the worker. No ads. No tracking pixels.
Your choices
- Uninstall the extension. Data flow stops immediately.
- Override the backend URL in the extension popup — you can run your own copy of the worker.
Changes
If we ever change what data flows or where, this page changes and the "Last updated" date moves.
Contact
Open an issue on the project's GitHub repo, or email the developer at the address in the Chrome Web Store listing.