Privacy Policy

Effective date: June 23, 2026  ·  Last updated: June 23, 2026

1. Data Controller

The data controller responsible for your personal data is:

Farluner Apps
ul. Dominikańska 21B
02-738 Warsaw, Poland

Privacy contact: farluner.privacy@gmail.com

This Privacy Policy applies to GmailHamster.com — a web application that compresses Gmail attachments to help users reclaim Google storage space.

2. Data We Collect

We collect the minimum data necessary to operate the service. We access your Gmail account only through Google's official OAuth 2.0 API.

2.1 Account Data

Data Source Purpose
Gmail email address Google OAuth Account identification, subscription management
OAuth access token Google OAuth Authorising Gmail API calls during your session
OAuth refresh token Google OAuth Maintaining your login session between visits

2.2 Gmail Data (processed temporarily)

Data Why we access it Do we store it?
Email attachment files (images, videos, PDFs) Downloaded to our servers for compression, then uploaded back to Gmail Temporarily — deleted immediately after processing (max 24 h)
Email metadata (message ID, thread ID, labels, headers) Required to recreate the email in-place with the compressed attachment No — used in memory during the operation only
List of emails with attachments Displayed to you so you can select which emails to process No — fetched on demand, never persisted
We do NOT access or store: email body text, email subject lines, recipient/sender addresses, emails without attachments, or any content unrelated to the attachment compression workflow.

3. How We Use Your Data

  • Compression service — downloading your selected attachments, compressing them using our own APIs, and replacing the original attachment in Gmail.
  • Account management — associating your email address with your subscription plan and usage quota.
  • Authentication — storing your OAuth tokens to keep you logged in and to authorise Gmail API calls on your behalf.
  • Service communications — responding to support requests you initiate.

We do not use your data for advertising, profiling, or any purpose beyond operating the service described above.

4. Data Retention

Data type Retention period
Attachment files (images, videos, PDFs) Deleted immediately after processing completes — maximum 24 hours for automated cleanup; typically under 5 minutes
Email metadata used during processing Held in memory only; never written to disk or database
Gmail email address Retained while your account is active; deleted within 30 days of account deletion
OAuth refresh token Retained until you revoke access or delete your account; encrypted at rest
Compression history (file size, date, savings) Retained while your account is active; deleted on account deletion request

5. Third-Party Processors & International Data Transfers

We share your data only with the processors listed below, strictly to operate the service. All processors are bound by data processing agreements.

Google LLC Authentication · Gmail API · Database

Location: United States (transfer outside EU/EEA)

Data shared: OAuth tokens, Gmail API calls

Transfer basis: Standard Contractual Clauses (SCCs) adopted by the European Commission; Google also participates in the EU-U.S. Data Privacy Framework.

Privacy policy: policies.google.com/privacy

Simple Video Editor (SVE API) Video compression

Operator: Farluner Apps (our own service)

Location: United States — DigitalOcean Spaces, NYC3 datacenter (New York, USA). Video attachment files are temporarily uploaded here for compression.

Transfer basis: Your explicit consent given when you authorise the application and initiate a compression job. DigitalOcean LLC also operates under Standard Contractual Clauses with EU customers.

Retention: Files deleted immediately after compression result is returned — maximum 24 hours.

Simple Image Resizer (SIR API) Image & PDF compression

Operator: Farluner Apps (our own service)

Location: European Union

Data shared: Image and PDF attachment files — temporarily, for compression only

Retention: Files deleted immediately after compression — maximum 24 hours.

We do not sell, rent, or share your data with any third party for marketing, advertising, or any purpose beyond operating this service.

7. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

Right What it means
Access (Art. 15) Request a copy of the personal data we hold about you
Rectification (Art. 16) Request correction of inaccurate data
Erasure (Art. 17) Request deletion of your account and all associated data ("right to be forgotten")
Restriction (Art. 18) Request that we limit how we process your data
Portability (Art. 20) Request your data in a structured, machine-readable format
Objection (Art. 21) Object to processing based on legitimate interests
Withdraw consent (Art. 7(3)) Revoke your OAuth authorisation at any time without affecting prior processing

To exercise any of these rights, email us at farluner.privacy@gmail.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Polish supervisory authority: Urząd Ochrony Danych Osobowych (UODO), ul. Stawki 2, 00-193 Warsaw — uodo.gov.pl.

8. Cookies & Session Data

GmailHamster.com uses a single server-side session cookie to keep you logged in. We do not use advertising, analytics, or tracking cookies.

Cookie / Storage Purpose Duration
session (HttpOnly, Secure, SameSite=Lax) Maintains your authenticated session after Google OAuth login Until logout or browser close
Firebase Authentication token Stored server-side (Firebase Firestore) — your OAuth refresh token, encrypted Until you revoke access or delete your account

9. Data Security

  • All data transmission is encrypted using HTTPS/TLS.
  • OAuth refresh tokens are stored encrypted at rest in Firebase Firestore.
  • Attachment files are processed in isolated environments and never shared between users.
  • No Farluner employee can view your email attachments — processing is fully automated.
  • In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours as required by GDPR Article 33.

For a detailed explanation of our security practices, see our Trust & Safety page.

10. Changes to This Policy

We may update this Privacy Policy when our practices change or when required by law. If we make material changes, we will notify you by email (to the address associated with your account) at least 14 days before the changes take effect. The "Last updated" date at the top of this page always reflects the current version.

11. Contact

For any privacy-related questions or to exercise your GDPR rights:

Farluner Apps
ul. Dominikańska 21B, 02-738 Warsaw, Poland

Email: farluner.privacy@gmail.com

We aim to respond to all privacy requests within 30 days.