Privacy Policy

Last updated: December 2025

This Privacy Policy explains how WhoHasMyEmail (“we”, “us”, “our”) collects, uses, and protects information when you use our service at whohasmyemail.com. WhoHasMyEmail is owned and operated by Martin S, based in Sweden (EU).

1. What the service does

WhoHasMyEmail scans your Gmail account using Google OAuth with read-only permissions. We analyze registration and notification emails to identify online accounts associated with your email address. We then generate a PDF and an Excel report and send them to you.

2. Information we access

When you use our service, we may access the following information:

• Your Gmail email address (e.g. your.email@gmail.com).
• Read-only access to your Gmail inbox via Google OAuth.
• Email metadata such as:
  • Sender address (From)
  • Subject line (Subject)
  • Date and time (Date)

We do not read or store the body content of your emails.

3. What we do with the data

We use the data we access to:

• Identify services, websites, and platforms where your email address has been used.
• Categorize those accounts (e.g. Social Media, Shopping, Gaming, Finance).
• Generate a PDF and an Excel report that we send to your email address.

Processing is automated and focused on email headers and patterns typical of account registration, password resets, and similar notifications.

4. Data storage and retention

• Emails are processed in real-time during the scan.
• We do not permanently store the content of your Gmail messages.
• Your final reports (PDF and Excel) may be temporarily stored for delivery purposes.
• We aim to delete temporary data as soon as it is no longer necessary to provide the service.

We may store basic technical and payment-related information (for example Stripe payment IDs and logs) for accounting, security, and troubleshooting purposes.

5. Gmail and Google OAuth

We use Google OAuth for authentication. This means:

• We never see or handle your Gmail password.
• You explicitly grant read-only access via Google’s own interface.
• You can revoke access at any time from your Google account: https://myaccount.google.com/permissions

6. Payments (Stripe)

Payments are processed securely by Stripe. We do not store your full credit card details. Stripe may store limited information as required for payment processing, fraud prevention, and legal compliance. For more details, please see Stripe’s own privacy policy.

7. Cookies and analytics

We may use cookies or similar technologies for basic analytics and to understand how the service is used. For example, we may use Google Analytics or a similar tool to count visits and see aggregated usage patterns.

These analytics do not give us direct access to the content of your emails and are used only to improve the service and its performance.

8. Legal basis and location

WhoHasMyEmail is operated from Sweden (EU). We strive to align with GDPR principles such as data minimization, transparency, and user control.

We process your data to provide the service you request (contractual necessity) and, where applicable, based on your consent (for example, when you authorize Gmail access).

9. Your rights

Depending on your location, you may have rights such as:

• The right to access personal data we hold about you.
• The right to request correction or deletion of your data where applicable.
• The right to withdraw consent (for example by revoking Gmail access).

To exercise these rights, please contact us via the Contact page or the email address listed there.

10. Data sharing

We do not sell your personal data. We may share limited data with service providers that help us operate the service, such as:

• Stripe (payment processing)
• Email delivery providers
• Analytics providers
• Hosting providers

These providers are only given the information they need to perform their functions and are expected to protect it appropriately.

11. Security

We use reasonable technical and organizational measures to protect your data. However, no system can be completely secure, and we cannot guarantee absolute security of information transmitted over the internet.

12. Children

WhoHasMyEmail is intended for adults and not directed at children. If you are under the age required by law in your country to provide consent, you should not use this service without parental or guardian supervision.

13. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top will reflect the most recent version. Your continued use of the service after changes are posted means you accept the updated policy.

14. Contact

If you have questions about this Privacy Policy or how we handle your data, please contact us via the Contact page on the website.

This Privacy Policy is provided for transparency and general information. It is not legal advice. If you require legal certainty, please consult a lawyer.