Recipient Finder for Outlook

Privacy Policy

Privacy Policy – Recipient Finder

Privacy Policy for Recipient Finder

Last Updated: October 10, 2025

Effective Date: October 10, 2025

Privacy First: Recipient Finder stores all contact data locally on your device. Your email sender information never leaves your computer except for license verification.

1. What We Do

Recipient Finder helps you quickly find email recipients by indexing sender information from your inbox. Think of it as a fast search tool for ”who has emailed me?”

2. What Data We Access and Store

2.1 Contact Index (Stored Locally Only)

What we read from your mailbox:

  • Email addresses from the ”From” field
  • Display names (e.g., ”John Smith”)
  • Timestamps (when the email was received)

Where it’s stored:

  • ✅ On your device only (browser’s local storage)
  • ❌ Never sent to our servers
  • ❌ Never uploaded to the cloud
Data Type We Access We Store Locally Sent to Servers
Sender email addresses Yes Yes No
Sender display names Yes Yes No
Email timestamps Yes Yes No
Email subjects No No No
Email body content No No No
Attachments No No No

2.2 Authentication

What we collect:

  • Your Microsoft account email address
  • Basic profile information (name, photo)
  • Authentication tokens (issued by Microsoft, stored temporarily)

Why: To securely authenticate you with Microsoft Graph API.

Storage: Tokens stored in your browser session, expire automatically.

Note: We never see your password—authentication is handled by Microsoft.

2.3 License Information (Sent to Our Server)

What we send to our backend:

  • Your Microsoft account ID (unique identifier, not your email)
  • Trial activation and expiration dates
  • License status (trial/active/expired)

Why: To manage your 30-day trial and subscription.

Storage: Microsoft Azure servers (EU-West region).

Retention: 90 days after subscription ends.

3. Microsoft Graph Permissions

When you sign in, you’ll be asked to approve these permissions:

Permission What It Does
Mail.Read Read sender information from your mailbox
User.Read Read your basic profile (name, email)
openid, profile, email Standard sign-in with Microsoft
offline_access Keep you signed in between sessions

Important: All permissions are ”Delegated”—the add-in only works when you’re signed in. We have no background access to your mailbox.

4. How We Protect Your Data

Local Data (Contact Index)

  • Stored in your browser’s secure storage
  • Protected by your device’s security (OS encryption, account protection)
  • Never transmitted over the internet

Server Data (License Info Only)

  • All connections use HTTPS encryption (TLS 1.2+)
  • Data at rest encrypted with AES-256
  • Stored on Microsoft Azure (ISO 27001, SOC 2 certified)
  • Access restricted to authorized personnel only

5. Your Data Rights

View Your Data

All indexed contacts are visible within the add-in settings at any time.

Export Your Data

Click ”Export Data” in settings to download your contact index as CSV or JSON.

Delete Your Data

Local data:

  • Click ”Clear All Data” in add-in settings, OR
  • Uninstall the add-in (auto-clears local storage), OR
  • Clear your browser’s site data

Server data (license info):

Email us to request deletion. We’ll process it within 30 days.

Revoke Permissions

You can revoke Microsoft Graph permissions anytime:

  1. Go to Microsoft Account Privacy
  2. Find ”Recipient Finder” under apps
  3. Click ”Remove permissions”

6. Data Sharing

We do NOT sell, rent, or trade your data. Ever.

We share data only with:

  • Microsoft: For authentication and mailbox access (governed by Microsoft’s Privacy Policy)
  • Azure (Microsoft): For hosting license verification backend

We may disclose information if:

  • Required by law or court order
  • Necessary to protect our legal rights
  • Investigating fraud or security issues

7. Data Retention

Data Type How Long We Keep It
Contact index (local) Until you clear it or uninstall
License information 90 days after subscription ends
Authentication tokens Session duration (~1 hour)

8. International Users

License data is stored in Microsoft Azure (EU-West region). We comply with GDPR for EU users and other applicable data protection laws.

GDPR Rights (EU Users):

  • Right to access your data
  • Right to correct inaccurate data
  • Right to delete your data
  • Right to export your data
  • Right to object to processing

To exercise these rights, email us using the contact information below.

9. Children’s Privacy

Recipient Finder is designed for business and professional use. We do not knowingly collect data from users under 18.

10. Changes to This Policy

We may update this policy as we improve the add-in. You’ll be notified via:

  • In-app banner when you next open Recipient Finder
  • Email (if we have your contact)
  • Updated date at the top of this page

Need Help or Have Questions?

Email: sunrob@sunrob.com
Company: Sunrob Packaging Oy
Address: Yläniitynkatu 6 A, 53550 Lappeenranta, Finland

Response time: Within 30 days for data requests.

Quick Links

This privacy policy was last updated on October 10, 2025.