Your certificate data stays on your device.
MailMyCertificate was designed around a simple idea: organizers should not need to upload participant data to external servers just to generate and send certificates.
Local Processing
Certificate generation happens directly inside your browser using your own device.
No Participant Uploads
Your CSV files, participant names, and generated certificates are not uploaded to our servers.
Minimal Trust Required
The product is intentionally engineered to minimize how much user data ever leaves the browser.
This Privacy Policy explains how MailMyCertificate handles data when you use the application. By using the platform, you agree to the practices described below.
1. Local-First Processing & Data Sovereignty
MailMyCertificate is developed by Akshat Thakur and follows a local-first architecture. Certificate templates, participant data, generated PDFs, and workflow progress are processed directly inside your browser whenever possible.
Unlike many traditional SaaS tools, MailMyCertificate is intentionally designed to reduce dependency on external cloud storage for core certificate generation workflows.
Complete Local Processing
- Certificate templates are stored locally inside your browser storage.
- CSV and Google Sheets imports are processed 100% on the client side.
- PDF generation occurs exclusively within your browser using client-side processing.
- Generated certificates remain on your device until you manually send them.
- All data is deleted immediately when your browser tab closes.
What We Do Not Do
- We never upload participant data to external servers.
- We never permanently store certificate generation logs.
- We never access or cache your Google Sheets or Gmail after the immediate operation.
- We never use Workspace API data for any analytics or secondary purposes.
2. Information We Collect
MailMyCertificate does not intentionally collect or sell participant information.
Some limited technical information may be collected automatically for operational and security purposes, including:
- Browser type and version
- Device information
- Error logs and crash diagnostics
- Basic anonymous usage analytics
Any monitoring or diagnostics services used by the platform are configured to avoid intentionally storing Personally Identifiable Information (PII) wherever reasonably possible.
3. Browser Storage & Local Data
MailMyCertificate may store temporary workflow data locally inside your browser using technologies such as IndexedDB or Local Storage.
This may include:
- Uploaded certificate templates
- Participant lists
- Generated certificate references
- Workflow progress and session recovery data
This local data exists only on your device and can typically be removed by clearing your browser storage.
4. Google Workspace API Usage & Guaranteed Data Handling
MailMyCertificate uses the following Google APIs to deliver its core functionality.
Gmail API (gmail.send scope)
- Purpose: Send personalized certificates directly through your Gmail account to event participants.
- Data Accessed: Only recipient email addresses and certificate content.
- Data Handling: Emails are sent through your Gmail account only; MailMyCertificate does not store, read, or retain emails, inbox data, or any Gmail account information.
- No Inbox Access: This application never reads, modifies, or stores any existing emails in your Gmail inbox.
Google Sheets API (spreadsheets.readonly scope)
- Purpose: Import participant data (names, emails, custom fields) from your Google Sheets to personalize certificates.
- Data Accessed: Only the columns and rows you explicitly select during import.
- Data Handling: Sheet data is read once, processed entirely on your device, and never stored on MailMyCertificate servers.
- No Modifications: This application never modifies, edits, or deletes any content in your Google Sheets.
AI/ML & Foundational Model Compliance (2026 Mandate)
Critical Guarantee: Data accessed from Google Workspace APIs (Gmail, Google Sheets) will never be used, transferred, or sold to train, improve, or create any foundational, generative, or large language models, or any other machine learning or artificial intelligence systems. We are prohibited from using your data for any AI training purposes.
5. Hosting & Infrastructure
MailMyCertificate may use third-party hosting and infrastructure providers such as Vercel for website delivery, uptime, analytics, and security.
These providers may temporarily process technical request information such as IP addresses, browser metadata, and performance logs as part of normal web infrastructure operations.
However, participant certificate data is not intended to be permanently stored on these infrastructure services.
5.5 Analytics & Google Tag Manager
MailMyCertificate uses Google Tag Manager (GTM) and Google Analytics (GA4) to track anonymous usage metrics and improve the platform.
Critical: Workspace Data Exclusion
GUARANTEED: No data accessed from Google Workspace APIs (Gmail, Google Sheets, participant information, certificate content, or email addresses) is ever sent to Google Analytics, Google Tag Manager, or any third-party analytics service.
Analytics data collected is limited to:
- Anonymous visitor ID (locally generated, never linked to email or identity)
- Page path and navigation flow (no personal data)
- Feature usage (e.g., "template_uploaded", "certificate_generated") with aggregate counts only
- Browser type and device category (non-identifying)
- Error events (no PII or sensitive data included)
Participant rosters, certificate content, email addresses, and all data accessed from Workspace APIs are processed locally in your browser and never transmitted to analytics services.
6. Data Retention & Instant Deletion
Your data is handled with the highest level of transience and minimal retention.
- Certificate Generation: All PDF generation occurs exclusively in your browser.
- Participant Data: Your participant lists are never transmitted to or stored on MailMyCertificate servers.
- Session Deletion: When you close your browser tab, all temporary workflow data is automatically deleted from local browser storage.
- No Server Logs: Participant data and certificate content are not logged on MailMyCertificate infrastructure.
- Email Content: Certificate emails are sent through your Gmail account; MailMyCertificate retains no copy of sent emails or their recipients.
7. Open Source Transparency
MailMyCertificate is an open-source project.
Transparency is important for tools that process participant information and certificate workflows. Users may inspect the public source code repository to better understand how the application works.
View GitHub Repository8. Policy Updates
This Privacy Policy may be updated from time to time to reflect technical improvements, legal requirements, or workflow changes.
Material privacy-related changes will be reflected on this page.
Engineering Commitment
MailMyCertificate was originally built to solve a real organizer workflow problem without forcing users to trust unknown servers with participant data.
The goal is simple: generate and send certificates with as little unnecessary data exposure as possible.