Last Updated: May 2026
Dizzy Monkey Design (“we”, “our”) built the Dizzy Monkey Gmail Notifier as a desktop utility for Windows. This policy explains what data the application stores on your device, why it is stored, and how it is protected. We have designed the application to collect only the minimum data required for it to function.
All data is stored locally on your Windows device. Nothing is uploaded to our servers because we do not operate any servers for this application.
| Data | Why it is stored | Where it is stored | Protection |
|---|---|---|---|
| Your Gmail address(es) | Required to identify which OAuth token belongs to which account and to label accounts in the interface | Windows user application settings (roaming profile) | Encrypted at rest using Windows DPAPI, scoped to your Windows user account |
| OAuth authentication tokens (access token + refresh token) | Allows the application to authenticate with Gmail without asking you to sign in again each time | %APPDATA%\dm-gmail-notify\tokens\ on your device |
Encrypted at rest using Windows DPAPI, scoped to your Windows user account |
Windows DPAPI (Data Protection API) is a Windows operating system feature that encrypts data using a key derived from your Windows login credentials. Encrypted data can only be decrypted by your Windows user account on your device — the raw files cannot be read by other users or by reading the files directly outside your Windows session.
The application retrieves only the minimum metadata needed to determine whether new unread messages have arrived (message IDs, timestamps, and inbox labels). This metadata is used transiently in memory to trigger a notification and is not written to disk.
Authentication is performed using Google OAuth 2.0. You sign in through Google’s own
sign-in page — your Google password is never entered into or seen by this application.
We request only the read-only Gmail scope
(https://www.googleapis.com/auth/gmail.readonly), which permits reading message
metadata but does not permit sending email, deleting messages, or modifying your account in
any way.
This application complies with the Google API Services User Data Policy, including its Limited Use requirements. Data obtained via Google APIs is used solely to provide the in-app notification feature and is not transferred, disclosed, or used for any other purpose.
The only network communication performed by the application is outbound HTTPS requests to Google’s official API endpoints:
accounts.google.com — OAuth token exchange and refreshgoogleapis.com — Gmail inbox polling (read-only)All requests use TLS encryption. OAuth tokens are transmitted as HTTP Authorization headers and never appear in URLs. No data is sent to any endpoint operated by Dizzy Monkey Design.
Your Gmail address and OAuth tokens are retained on your device until you disconnect the account using the application’s account manager. When you disconnect an account:
Uninstalling the application does not automatically remove stored tokens. To remove all stored data before uninstalling, disconnect all accounts in the application first.
The application writes operational log files to
%LOCALAPPDATA%\dm-gmail-notify\logs\.
Logs record connection events, polling activity, and errors to assist with troubleshooting.
Logs do not contain email addresses, email content, or any personally identifiable
information.
Log files are retained for a rolling 5-day period and then automatically deleted.
We do not sell, trade, rent, or share your data with any third party. Because no data is transmitted to our servers, there is nothing for us to share.
This application is not directed at children under 13 and we do not knowingly collect personal information from children.
If we make material changes to this privacy policy, we will update the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
If you have questions about this privacy policy or the application’s data practices, please contact us at dizzymonkeydesign.com or email support@dizzymonkeydesign.com.