Your Privacy Comes First
WhoHasMyEmail is built with one core principle: We only access the minimum data required β and we never store your emails.
π Secure App-Specific Passwords
We never ask for your real Gmail password. You authenticate using app-specific passwords generated by Googleβthe same method trusted by:
- Email clients (Apple Mail, Outlook)
- Backup services
- Calendar syncing apps
- Third-party mail tools
App-specific passwords ensure that:
- Your real Gmail password is never exposed
- Credentials are encrypted and auto-deleted after 24 hours
- You can revoke access instantly from your Google account
- Access is strictly read-only via secure IMAP
π¬ Read-Only Access
The permissions we request are strictly read-only. This means:
- we cannot delete emails
- we cannot modify your inbox
- we cannot send emails
- we cannot read full messages
Google enforces these restrictions automatically.
π§Ύ We Never Read Email Body Content
Our scanning process only uses metadata headers:
- From β who sent the email
- Subject β what category the email belongs to (welcome, login, receipt, etc.)
- Date β when it was sent
We never access:
- email body text
- attachments
- embedded images
- HTML content
You stay 100% in control of your private messages.
π« Zero Data Storage
Your email metadata is processed in memory and deleted immediately.
We do not store:
- emails
- subjects
- service names
- personal information
- credentials beyond 24 hours (encrypted, then auto-deleted)
The only thing you receive is your final report.
π Revoke Access Anytime
You can revoke your app-specific password instantly:
- Go to: Google Account β App Passwords
- Find the app password you created for WhoHasMyEmail
- Click Revoke
Once revoked, we can never access your inbox again. Credentials are also auto-deleted after 24 hours.
Ready to See Your Digital Footprint?
Secure, private, one-time scan using metadata only.
Start Your Scan