Privacy Policy

Last updated: June 13, 2025

Relationship Manager ("ERM", "the App") is a personal relationship management application. Your privacy is important to us. This policy explains what data the App collects, how it is stored, and your rights.

1. Data Storage

All personal data you enter — including contacts, relationships, gift ideas, notes, tags, and photo assignments — is stored locally on your device using your browser's localStorage and IndexedDB. No data is sent to or stored on our servers.

Photo face-crop images are stored in IndexedDB on your device. Original photos are never uploaded to our servers.

2. Microsoft Account & OneDrive Sync (Optional)

If you choose to sign in with a Microsoft account, the App uses Microsoft Authentication Library (MSAL) to authenticate you. When sync is enabled, your data is saved to your personal OneDrive in a private app folder. This is a direct connection between your browser and Microsoft's services — we do not have access to your Microsoft credentials or OneDrive files.

Authentication tokens are managed by MSAL and stored in your browser session.
You can disconnect your Microsoft account at any time from Settings or the profile menu.
Disabling sync does not delete data already on your OneDrive; you can remove it manually.

3. Microsoft Graph Permissions

When you sign in, the App requests the following Microsoft Graph permissions. Each is used only for the stated purpose and data is accessed directly between your browser and Microsoft — never routed through our servers.

User.Read — reads your display name, email address, and profile photo to show in the App header.
Files.ReadWrite.AppFolder — reads and writes a single data file in a private app-specific folder on your OneDrive for sync.
Files.Read — reads your OneDrive files and folders so you can browse and select photos for face detection.
Contacts.Read — reads your Outlook contacts so you can import relationship data (name, email, phone, birthday, address).
Mail.Read — reads your Outlook email to display recent correspondence with a selected contact. Emails are fetched on demand and are not stored locally.

4. Google Account & Google APIs (Optional)

If you choose to sign in with a Google account, the App uses Google Identity Services (GIS) to authenticate you via an OAuth 2.0 popup flow. Data is accessed directly between your browser and Google’s APIs — we do not have access to your Google credentials.

4a. Google User Data We Collect

When you sign in with Google, the App collects and uses the following Google user data:

Display name, email address, and profile photo (via userinfo.profile / userinfo.email) — displayed in the App header to identify your active account.
Google Contacts (name, email, phone, birthday, address) (via contacts.readonly) — fetched on demand when you choose to import contacts. Imported records are stored locally on your device, not on our servers.
Gmail message metadata and content (via gmail.readonly) — fetched on demand to display recent correspondence with a selected contact. Email content is never stored locally or on our servers.
Google Drive file and folder listings (via drive.file) — fetched on demand for the specific photos you select via the Google Drive Picker. Only files you explicitly choose are downloaded to your browser for client-side face detection; no other Drive content is accessed or transmitted to our servers.

4b. How We Use Google User Data

Google user data is used exclusively to provide the features you explicitly request within Relationship Manager:

Profile information is shown in the App header to confirm which account is connected.
Contact data is used to populate your local relationship records when you trigger an import.
Gmail data is used to display recent emails within the App for context on a selected contact.
Drive data is used to let you browse and assign photos to contacts.

We do not use Google user data for advertising, profiling, training AI/ML models, selling to data brokers, or any purpose unrelated to the App's core functionality.

4c. Sharing and Disclosure of Google User Data

We do not sell, share, transfer, or disclose Google user data to any third party. All Google API calls are made directly between your browser and Google's servers. Our backend server does not receive, process, or store any Google user data.

4d. Google API Scopes Requested

contacts.readonly — reads your Google contacts so you can import relationship data (name, email, phone, birthday, address).
gmail.readonly — reads your Gmail messages to display recent correspondence with a selected contact. Emails are fetched on demand and are not stored locally.
drive.file — accesses the specific Google Drive photos you select via the built-in Google Drive Picker. Only files you explicitly choose are accessed; the App cannot browse or read any other Drive files.
drive.appdata — reads and writes a single data file in a hidden, app-specific folder on your Google Drive for optional cloud backup and sync of your relationship data. No other Drive content is accessed.
userinfo.profile / userinfo.email — reads your display name, email address, and profile photo to show in the App header.

Authentication tokens are managed by GIS and stored in your browser’s localStorage.
You can disconnect your Google account at any time from Settings or the profile menu.
You can revoke the App’s access in your Google Account permissions.

5. Cloud Photos & Face Detection (Optional)

The App can browse your OneDrive and/or Google Drive folders to find photos and run client-side face detection using face-api.js. All face detection and recognition processing happens entirely in your browser using your device’s CPU — no images or facial data are sent to any server.

Photos are downloaded from OneDrive (via Microsoft Graph) or Google Drive (via Google Drive API) directly to your browser.
Detected face crops and recognition descriptors are stored locally in IndexedDB on your device.
You can remove assigned photos at any time from a person's Photos tab.

6. Email Lookup (Optional)

When viewing a contact who has an email address, the App can fetch recent emails you have exchanged with that person via the Microsoft Graph API (Outlook) and/or the Gmail API. Emails are retrieved on demand, displayed in the browser, and are not stored locally or transmitted to any third party .

7. Notifications & Background Sync (Optional)

If you grant notification permission, the App may display local birthday reminders. These notifications are generated entirely on your device. The App may also register for periodic background sync to keep your data up to date — this does not send any personal data to our servers.

8. Automatic Backups (Optional)

The App can perform weekly automatic backups to a local folder on your device using the File System Access API. Backups are written directly to a folder you choose and never leave your device.

9. Product Search (Gift Ideas)

When you search for gift ideas, the App sends your search query to our backend server, which forwards it to third-party product APIs (currently Open Food Facts and DummyJSON). These queries do not include any personal information — only the search term you typed.

10. Data We Do NOT Collect

We do not collect analytics or usage telemetry.
We do not use cookies for tracking purposes.
We do not sell, share, or transfer your personal data to third parties.
We do not store any of your data on our servers.
We do not send photos, facial data, or email content to any external server.

11. Security & Data Protection

We take the security of your data seriously. The following measures are in place to protect your information:

Local-only storage. Your personal relationship data is stored exclusively in your browser (localStorage and IndexedDB) or, if you opt in, in your personal OneDrive app folder. It never passes through our servers.
Encrypted transit. All communication with Microsoft Graph, Google APIs, and our backend is conducted over HTTPS/TLS, ensuring data in transit is encrypted.
Minimal scope principle. The App requests only the minimum OAuth scopes required to deliver each feature. Read-only scopes are used wherever write access is not needed.
Client-side processing. Sensitive operations such as face detection, photo handling, and email display are performed entirely in your browser. No biometric or email data is transmitted to our servers.
No server-side data storage. Our backend server does not persist any of your personal data or Google/Microsoft user data.
Token handling. OAuth tokens are managed by the respective identity libraries (MSAL, GIS) and stored only in your browser session or localStorage. We never transmit your tokens to our backend.

12. Third-Party Services

The App uses the following third-party services:

Microsoft Identity Platform / MSAL — authentication and Microsoft Graph API access (optional). Microsoft Privacy Statement
Google Identity Services (GIS) — authentication and Google People, Gmail, and Drive API access (optional). Google Privacy Policy
face-api.js — client-side face detection and recognition models loaded from a CDN. Processing happens entirely in your browser. GitHub
Google Fonts — Material Symbols icon font. Google Privacy Policy
Open Food Facts — product search API. Terms of Use

13. Data Retention & Deletion

Local data is retained in your browser until you explicitly delete it or clear your browser storage. The App does not impose an automatic expiry on locally stored data.

Google user data fetched on demand (Gmail messages, Drive listings, profile information) is held only in memory for the duration of your session and is never written to persistent storage by the App. Imported Google Contact records are stored locally on your device and remain until you delete the individual record or erase all data.

OneDrive sync data (if enabled) is retained in your personal OneDrive app folder until you manually delete it.

You can erase all local data at any time from Settings → Data → Erase All Data. This permanently removes all contacts, relationships, notes, photos, face data, and preferences from your browser. To revoke Google access and request deletion of any cached tokens, visit your Google Account permissions.

14. Children’s Privacy

The App is not directed at children under 13. We do not knowingly collect personal information from children.

15. Changes to This Policy

We may update this privacy policy from time to time. Changes will be reflected on this page with an updated date. Continued use of the App after changes constitutes acceptance.

16. Contact

If you have questions about this privacy policy, please open an issue on our GitHub repository.