← MailFalcon

Privacy policy

Last updated 2026-06-14

What MailFalcon does

MailFalcon is a Chrome extension and web dashboard that lets a sender (you) see when emails you've sent through Gmail are opened, and whether recipients click links inside them. It works by injecting a 1×1 transparent image and rewriting outbound links to pass through our redirect server before reaching the destination.

Data we collect from you (the sender)

  • Email address. Used to sign you in via a one-time code and to identify your tracked emails.
  • For each email you choose to track: a random tracking ID, the time you sent it, the number of recipients, and the original URLs of any links you included (so we can redirect recipients back to them).
  • Billing information (Stripe customer ID, subscription tier) if you upgrade to a paid plan. Stripe processes payment details; we never see your card.

We do not store the subject line or body of your emails. We do not store your recipients' email addresses — only a count.

Data we collect when a recipient opens a tracked email or clicks a tracked link

  • The tracking ID of the email (lets us attribute back to you).
  • Timestamp of the open or click.
  • A coarse classification of the user agent (desktop / mobile / bot) — used to filter out automated security scanners and Gmail's own image proxy from your stats.
  • Browser name and major version (e.g. "Chrome 130"), operating system name and version (e.g. "Windows 11"), and a coarse device descriptor where the user-agent string includes it (e.g. "iPhone").
  • Coarse geolocation derived by Cloudflare from the recipient's IP address: country, region/state, city, postal code, and IANA timezone (e.g. "America/New_York"). When available, approximate latitude/longitude at IP-block resolution (city-level, not GPS).
  • The recipient's IP address. We retain both a /24-truncated form (e.g. 192.168.1.0) for aggregate statistics and the full IP for abuse investigation. The full IP is only accessible to MailFalcon administrators and is deleted on the standard retention schedule.

We do not drop cookies on the recipient, do not fingerprint their device beyond the publicly-broadcast user-agent string, and do not share anything we collect with third-party advertising or analytics networks.

Privacy mode

Every Gmail compose window has a "Privacy mode" checkbox added by the MailFalcon extension. When checked, no pixel is injected, no links are rewritten, and no record of the send is created on our servers. That email is, from our perspective, completely untracked.

How long we keep your data

  • Free plan: tracked-email history and event log retained for 30 days, then automatically purged.
  • Pro plan: retained for 1 year.
  • Account closure: all of your data is deleted within 30 days of you signing out and not signing back in, or immediately on explicit deletion request.

Where your data is stored

Cloudflare D1 (database) and Cloudflare KV (session + rate-limit cache), both edge-replicated, primary region in eastern North America. Push notification subscriptions are stored in D1 alongside your account; we deliver pushes via the browser's standard Web Push protocol (no third-party push service).

Use of Google user data

The Chrome extension reads the body of a Gmail compose window only at the moment you click Send, and only to:

  • insert a tracking pixel image at the end of the body, and
  • rewrite outbound link URLs to pass through t.mailfalcon.app.

The modified body is then handed back to Gmail to send. The extension does not transmit your compose text, subject, recipient addresses, or any other Gmail content to our servers or to any third party. MailFalcon's use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements.

Your rights

You can sign in to your dashboard at any time to review every tracked email and event we've stored. To request export or deletion of your account data, email [email protected] from the email address registered to your account. We respond within 7 days.

Contact

For any privacy question, write to [email protected].