Our Commitment to Privacy
Stop RSF Terror is committed to protecting your privacy. This privacy policy explains how we handle data when you use our email advocacy tool.
What Google User Data We Collect
When you choose to use our Gmail integration feature, we collect the following Google user data:
- Your email address (to display your identity and send emails on your behalf)
- Your name and profile picture (to personalize your experience)
- OAuth access tokens (temporarily stored in your browser session only)
How We Use Google User Data
We use Google user data exclusively to provide and improve the core functionality of our application:
- Sending Emails: We use your Gmail account to send advocacy emails to international officials on your behalf
- Displaying Your Identity: We display your name and email address to confirm your identity during the email composition process
- Authentication: We use OAuth tokens to securely authenticate your requests to Google's servers
We do NOT use your data for any other purposes, including:
- Targeted or personalized advertising
- Training AI or machine learning models
- Determining credit-worthiness or lending purposes
- Creating marketing databases
- Any purpose unrelated to the core email advocacy functionality
Data Sharing and Third Parties
We do not sell, rent, or transfer your Google user data to any third parties.
Your data is only shared with:
- Google: Emails are sent through Google's servers as part of the Gmail API service. This is necessary to provide the core functionality of sending emails from your Gmail account.
- No Other Third Parties: We do not share your data with data brokers, information resellers, advertisers, or any other third parties.
Data Collection & Storage
Personal Data We DO NOT Store:
- Your email address or name (we keep only an irreversible, keyed one-way hash derived from your email address, used solely to count unique participants; it cannot be reversed to identify you)
- Email content or message text
- Recipient email addresses (with one exception: if delivery to some officials fails, a short sample of those officials' publicly available addresses is kept temporarily for reliability diagnostics)
- Gmail credentials or access tokens
- IP addresses or device information
Anonymous Statistics We Store:
- Total number of emails sent (aggregate count only)
- Country breakdown of recipients (based on which officials were contacted)
- Timestamps of when emails were sent
- All data is anonymous and cannot be linked to individual users
Gmail Integration:
- OAuth access tokens are stored in your browser's session storage only
- Tokens are automatically deleted when you close your browser
- When you send emails, your access token is transmitted to our secure Cloud Function over HTTPS and used only transiently in memory to perform the send — it is never written to storage or logs
- We request minimal OAuth scopes: gmail.send, userinfo.email, userinfo.profile
- Emails are sent directly from your Gmail account using Google's servers
Data Protection and Security
We implement industry-standard security measures to protect your data:
- Encryption: All data transmission between your browser and our servers uses HTTPS/TLS encryption
- Secure Authentication: We use OAuth 2.0, the industry-standard protocol for secure authorization
- No Server-Side Storage: We do not store your Gmail credentials, access tokens, or message content on our servers
- Session-Only Storage: OAuth tokens are stored only in your browser's session storage and are automatically deleted when you close your browser
- Minimal Permissions: We request only the minimum OAuth scopes necessary for core functionality
Data Retention and Deletion
Personal Data:
- We do not retain any personal data on our servers
- OAuth access tokens are stored only in your browser session and are automatically deleted when you close your browser
- You can revoke access at any time through your Google Account settings (see below)
Anonymous Statistics:
- Per-send records (aggregate counts, recipient country, timestamps, and failure diagnostics) are automatically deleted after 90 days
- Anonymous aggregate totals (total email counts, country distribution) are retained indefinitely for advocacy impact measurement
- These statistics cannot be linked to individual users and do not contain any personal information
Your Right to Delete:
- We store no directly identifying personal data. If you wish, you may request deletion of the hashed participation identifier associated with your email address by contacting us at the address below
- To remove our app's access to your Google account, follow the instructions below
Cookies, Local Storage & Abuse Protection
We do not use tracking cookies or analytics. Your browser's session storage is used only to keep you signed in during your visit.
To protect the service against automated abuse, this site is protected by Google reCAPTCHA Enterprise (via Firebase App Check), and its use is subject to the Google Privacy Policy and Terms of Service.
Revoking Access
If you've granted Gmail access, you can revoke it at any time:
- Open Google Account permissions
- Find "Stop RSF Terror" under third-party access
- Click "Remove access"
Once revoked, all access tokens will be immediately invalidated and we will no longer be able to send emails on your behalf.
Google API Disclosure
Stop RSF Terror's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Limited Use Requirements:
We strictly limit our use of Google user data to providing and improving user-facing features that are prominent in our application's user interface. We do not use Google user data for any other purposes.
Requested OAuth Scopes:
- gmail.send - To send advocacy emails on your behalf to international officials
- userinfo.email - To display your email address and confirm your identity
- userinfo.profile - To display your name and profile picture
Prohibited Uses:
We explicitly do NOT use Google user data for:
- Serving advertisements
- Selling to third parties, data brokers, or information resellers
- Determining credit-worthiness or for lending purposes
- Training artificial intelligence or machine learning models
- Any purpose other than providing the core email advocacy functionality
Contact Us
If you have questions about this privacy policy or how we handle data, please contact us at stoprsfterror@gmail.com