liber.

Privacy Policy

liber is an email client whose engine runs entirely on your own device. We do not operate a server that receives, stores, or processes your email. This policy explains what that means in practice.

Last updated: June 20, 2026

The short version

  • Your email, credentials, and OAuth tokens stay on your device.
  • We run no backend database and keep no copy of your mail.
  • The network relay only ever forwards encrypted bytes it cannot read.
  • No advertising, no analytics, no tracking, no AI/ML training on your data.

What liber accesses, and why

With your explicit permission, liber connects to the email accounts you configure (Gmail, or any IMAP/SMTP or POP3 provider) to do the things an email client does: list, read, search, organize, compose, and send your mail. For Gmail accounts, liber requests a single Google scope, gmail.modify, which covers reading, organizing (labels, read/unread, archive, move to trash), composing drafts, and sending.

Where your data lives

Everything liber needs is stored locally in your browser's Origin Private File System (OPFS), encrypted at rest, or — in the desktop app — in your user profile directory. There is no liber account and no liber cloud. We never receive your messages, your mailbox password, or your Google data on any server we operate.

The relay, and why it can't read your mail

Browsers cannot open raw mail-server connections, so the web version of liber routes its connections through a lightweight relay (a Cloudflare Worker). Crucially, the encrypted TLS session is terminated inside liber's WebAssembly on your device — not on the relay. The relay therefore only ever forwards opaque, encrypted bytes; it cannot read your mail, your credentials, or your tokens, and it stores nothing. The desktop app makes these connections directly from your own machine and uses no remote relay at all.

Google user data — Limited Use

liber's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • liber only uses Google user data to provide the email features you request, on your device.
  • liber does not transfer Google user data to any server we operate or to any third party.
  • liber does not use Google user data for advertising.
  • liber does not use Google user data to train generalized or personalized AI/ML models.
  • No human at liber reads your Google user data — it is not technically possible to.

OAuth tokens

When you sign in with Google, the resulting access token is held in memory on your device only and is never written to a liber server. On the desktop app, a refresh token is kept in memory for the duration of the session so it can renew access without re-prompting.

Revoking access and deleting data

You can revoke liber's access to your Google account at any time at myaccount.google.com/permissions. To remove the locally cached data, remove the account inside liber, clear the site's storage in your browser, or uninstall the desktop app.

Changes

If this policy changes, the updated version will be posted here with a new effective date.

Contact

Questions about privacy: nick@heyer.app.