Fossa icon

Privacy Policy

Effective date: 07 February, 2019

Introduction

Fossa Team has designed the solution with the only main goal to supply Gmail users with privacy via industry-grade email encryption (S/MIME) integrated into the web browser.

Fossa Team has developed this privacy policy to inform its Website visitors and Fossa Guard extension users about how Fossa Team will collect, use, share or otherwise process any personal data or usage information.

Fossa Guard web extension

Fossa Guard web extension operates fully locally and keeps user data within the local computer only. Under user data, we mean email body in plain text, files attachments, private key, certificates, list of Google contacts.

Please note that:

Fossa Guard requests Gmail API about properties of new incoming emails and if email's content-type corresponds to S/MIME marks it by S/MIME label i.e. modifies it. Please note that this is the only case when Fossa Guard "modifies" your emails according to Google's permissions classification.

Fossa Guard creates S/MIME label if it doesn't exist in in User Gmail settings.

Fossa Guard web extension extends Gmail UI with the following functionality:

The above functionality requires the following permissions (as per Google classfication) for Fossa Guard web extension:

User Authentication

Website visitors and Fossa extension users are authenticated using Google OpenID. Fossa team doesn’t keep or transmit user identity using it exclusively to call Google services:

What cookies we use

Fossa web site uses following cookies:

What information we collect

>

How we use the information

Fossa Guard extension

FossaGuard is an end-to-end S/MIME encryption for Gmail i.e. all messages and related information are processed fully locally within user's browser providing the ability to view decrypted message only at the user side and only upon user request.

Fossa Guard doesn't use or transfer any user messages and related information for serving ads, including retargeting, personalized, or interest-based advertising.

FossaGuard doesn't allow no human to read user's messages and all related information.

FossaGuard doesn't share any user messages and related information to any third party and functions only as a local S/MIME encryption/decryption layer.

Message information displayed only within Gmail page, only for the authorized user inside the dedicated iframe which upon closing doesn't keep any local cache of user messages.

The recipient has to grant an access (by entering the passphrase) to his personal private key to let FossaGuard to decrypt the message. The private key is stored inside industry standard filestore PKCS#12 (https://tools.ietf.org/html/rfc7292) in the local extension storage and is fully managed by the user who is the only one who can import / export the private key.

Fossa Server

Fossa server works as a lightweight independent Certificate Authority (CA) processing user public information (be default only user name and email address are required) provided by the user.

Fossa Server doesn't use or transfer any information from user and related information for serving ads, including retargeting, personalized, or interest-based advertising.

Fossa Server doesn't allow no human to read user's messages and all related information.

Fossa Server doesn't share any user messages and related information to any third party and functions only as a public certificates authority which provides user public certificate only by request with email address defined.

User public certificate is used by addressees to encrypt messages send to the User.

What information we share

Following the main goal of the solution the following information is shared publicly:

Should you have any questions or clarifications do not hesitate to contact support@fossa.me