Sugar Mail is an email app. As such, it will access messages in the email account(s) that you add into the app, and send messages on your behalf.
You grant consent for this by adding an email account into the app.
For Exchange and Office 365 accounts, the app also access Calendar and Contacts so they can be synced with Android.
Any of your data handled by Sugar Mail is not shared with any third party.
This includes account identifiers (emails), passwords, and the contents of your email messages including text, headers, and attachments.
Connections to mail servers are encrypted using TLS, the industry standard for network traffic encryption. TLS 1.3 is supported if available.
For these mail services, Sugar Mail utilizes an advanced authentication method called OAUTH2 which lets the app access your email and only your email (and nothing else in your account), without knowing or storing the account's password.
This is the method strongly preferred by Google, Yahoo, Hotmail, and other large email providers.
When setting up an account in Sugar Mail, you grant the app the permission to access your emails in a special window that's presented by Gmail / Yahoo / Hotmail / Yandex, not the app.
The permission(s) can be revoked without changing the account's password.
For Gmail (Google) accounts this can be done on Google account management page under Apps with access to your account.
For Outlook.com / Hotmail, it's in account settings.
For Yahoo, it's in account settings under recent activity.
Finally, for Yandex, it's in Yandex Passport settings.
The Android app by default collects anonymous statistical data such as the number of installs per country. This can be turned off in the app's Settings under About.
The Android app does not use ads, and therefore does not contain any trackers that are often used by ad networks.
Sometimes spammers use linked images to know if you've opened a message. By default, Sugar Mail blocks externally linked content including such images and only trusts senders in your contacts. For others, you need to tap a button to show linked content.
Sugar Mail is one of a few email apps that passes the email app privacy test on Email Privacy Tester.
The use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
You can remove an email account's data from the app by going into the app's Settings, tapping the account, and choosing Remove. The data will be removed immediately.
You can contact support for technical help or for DPO or GDPR inquiries at support@sugarmail.app