Privacy Policy

Effective date: March 15, 2026

fromGmail ("we", "our", "the extension") is a Chrome browser extension developed and operated by fromGmail. It reads verification codes from your Gmail inbox and auto-fills them on websites. Your privacy is fundamental to how we built this product.

Application identity

fromGmail is a Chrome browser extension available at www.fromgmail.com. Its sole purpose is to detect verification and authentication codes in your Gmail inbox and auto-fill them into website input fields.

Google user data we access

fromGmail requests the gmail.readonly OAuth scope from the Google Gmail API. This grants read-only access to your Gmail inbox. We use this access solely to identify incoming verification and authentication codes — numeric or alphanumeric codes commonly sent by websites for two-factor authentication, one-time passwords (OTP), or account verification.

The extension also uses active tab permission to detect code input fields on the website you are currently viewing and auto-fill them.

We do not request write, send, delete, or modify access to your Gmail account. We cannot alter your emails in any way.

How Google user data is processed

When a verification code is detected in your Gmail inbox:

• The code is extracted locally within your browser using the Gmail API.
• It is held temporarily in browser memory only long enough to fill the input field on the active tab.
• Once the code is entered or the tab is closed, it is discarded from memory.
• No email content, metadata, sender information, or verification codes are ever written to disk, local storage, or any persistent storage mechanism.

Data collection and storage

We do not collect, store, or persist any of your data. Specifically:

• We do not store your email content, subjects, sender information, or any email metadata.
• We do not store verification codes after they are used or discarded.
• We do not transmit any data to external servers, backend services, or any remote endpoint.
• We do not use analytics, tracking pixels, cookies, or telemetry of any kind.
• We do not have a backend server. The extension operates entirely within your browser.
• No Google user data persists between browser sessions.

Third-party sharing and transfers

We do not share, sell, rent, or transfer your Google user data to any third party. Specifically:

• We do not transfer or sell data to advertising platforms, ad networks, or data brokers.
• We do not transfer or use data for retargeting, interest-based advertising, or personalized advertising of any kind.
• We do not use data for credit assessment, lending, or insurance underwriting decisions.
• There are no third-party scripts, SDKs, analytics services, or tracking services embedded in the extension.
• Data is not transferred to any third party for any reason, except as may be required by law.

Human access to data

No humans read your Google user data. The extension processes email content programmatically and locally within your browser. No person — including the developers of fromGmail — has access to your emails, verification codes, or any data obtained through the Gmail API.

Google API Services Limited Use disclosure

fromGmail's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In accordance with these requirements:

• fromGmail only uses Google user data to provide the user-facing feature described in this policy: detecting verification codes and auto-filling them.
• fromGmail does not use Google user data for any other purpose.
• fromGmail does not allow humans to read Google user data unless the user has given affirmative consent, it is necessary for security purposes, or it is required by law.
• fromGmail does not transfer Google user data to third parties, including for advertising, data brokering, or information reselling purposes.

Permissions requested

The extension requests the minimum permissions necessary to function:

• gmail.readonly (Google Gmail API) — read-only access to scan for verification code emails. This is a restricted scope.
• activeTab (Chrome Extension API) — to detect code input fields and auto-fill them on the currently active tab.
• identity (Chrome Extension API) — to authenticate with your Google account via OAuth 2.0.

Data retention

Since we do not collect or store data, there is nothing to retain. No Google user data persists between browser sessions. Verification codes exist only in volatile browser memory for the duration of the auto-fill operation.

Data security

All communication with the Gmail API occurs over encrypted HTTPS connections. Authentication is handled via Google's OAuth 2.0 flow. No credentials or tokens are stored outside of Chrome's built-in secure identity storage. Since no data is stored or transmitted to external servers, the attack surface for data exposure is minimized.

Your rights and controls

You can revoke fromGmail's access to your Google account at any time by:

• Removing the extension from Chrome.
• Revoking access at Google Account Permissions.

Because we do not store any data, revoking access immediately and completely ends all data processing.

Children's privacy

fromGmail is not directed at children under 13. We do not knowingly collect personal information from children.

Changes to this policy

If we update this privacy policy, we will revise the effective date at the top and notify users through the extension or our website. Continued use of the extension after changes constitutes acceptance of the updated policy. We will not change our data practices to be less protective without providing notice and obtaining consent.

Contact

If you have questions about this privacy policy or our data practices, contact us at privacy@fromgmail.com.