Last updated: April 6, 2026
Outlook MailDeck ("the Extension") is a browser extension that helps you triage emails in Outlook Web using a swipe-based interface. Your privacy is important to us. This policy explains what data the Extension accesses and how it is handled.
The Extension accesses the following data from your Outlook account via the Microsoft Graph API or Outlook REST API:
The Extension does not access your contacts, calendar, files, or any other Microsoft 365 data.
All email data is fetched directly from Microsoft's servers to your browser and rendered locally. No email data is ever sent to our servers or any third-party service. The Extension operates entirely within your browser.
The Extension reads authentication tokens from Outlook Web's existing browser session (MSAL cache in localStorage/sessionStorage). It does not perform its own OAuth flow, prompt you for your Microsoft password, or store your credentials. Tokens are held temporarily in chrome.storage.session, which is cleared when the browser closes.
The Extension stores your preferences locally on your device using chrome.storage.local. This includes:
This data never leaves your device.
Subscription management is handled by ExtensionPay, which uses Stripe for payment processing. When you subscribe:
Please refer to ExtensionPay's Privacy Policy and Stripe's Privacy Policy for details on how they handle your data.
The Extension does not include any analytics, tracking pixels, telemetry, or third-party scripts. We do not collect usage data, crash reports, or behavioral data of any kind.
We do not sell, share, or transfer your data to any third parties, except as described in Section 5 (subscription management via ExtensionPay/Stripe).
We do not retain any data on servers. All data processed by the Extension exists only in your browser's local storage and is under your control. You can clear it at any time by removing the Extension or clearing your browser data.
For users in the European Economic Area (EEA) and United Kingdom, our legal basis for processing personal data is Legitimate Interest (Article 6(1)(f) GDPR). We process your email metadata solely to provide the email triage functionality you have installed and use. This processing is necessary for the service and does not override your fundamental rights.
For subscription-related processing (email address collected by ExtensionPay/Stripe), the legal basis is Contract performance (Article 6(1)(b) GDPR).
If you are located in the EEA or United Kingdom, you have the following rights regarding your personal data:
To exercise any of these rights, contact us at support@efytab.com. Note: since all email data is processed locally in your browser and never sent to our servers, the primary way to delete this data is to uninstall the Extension or clear your browser storage. For subscription data, contact ExtensionPay/Stripe directly.
This Privacy Policy is governed by the laws of Belgium. For EEA users, it is also subject to the General Data Protection Regulation (GDPR). For UK users, it is subject to the UK GDPR and the Data Protection Act 2018.
The Extension is not intended for use by children under 13. We do not knowingly collect personal information from children.
We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date.
If you have questions about this privacy policy, please contact us at support@efytab.com.