Brevity is a multi-account email client built on the principle that your email belongs on your phone. This policy describes what Brevity does — and does not — do with your data.
1. The short version
Brevity has no backend servers. We do not operate any service that handles your email.
Brevity contains no analytics, no advertising, and no third-party SDKs. The compiled binary links only Apple system frameworks. You can verify this with otool -L Brevity.app/Brevity.
Brevity's App Privacy label declares Data Not Collected in every category.
All AI summarization and reply generation runs on your device using Apple's Foundation Models (iOS 26+) or NaturalLanguage framework (iOS 17–25). No mail content is ever transmitted to Brevity or any third party for AI processing.
2. What data Brevity processes
To work as an email client, Brevity needs to read and write your email. It does so by connecting directly to your chosen mail provider using the standard protocols those providers expose:
IMAP and SMTP over TLS for iCloud Mail, generic IMAP servers, and Yahoo Mail.
Gmail OAuth 2.0 via Apple's ASWebAuthenticationSession for Gmail accounts. Brevity never sees your Google password.
Outlook / Office 365 OAuth 2.0 via the same Apple-provided web session for Microsoft accounts (post-launch update).
Mail content and account metadata are cached locally in an iOS App Group container protected with NSFileProtectionComplete (encrypted at rest, accessible only when the device is unlocked).
OAuth tokens and IMAP app passwords are stored in the iOS Keychain with accessibility kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly — they never leave your device and never sync to iCloud Keychain.
3. What data Brevity does NOT collect
We do not collect your IP address, device ID, advertising ID, or any other identifier.
We do not collect crash reports through any third-party service. Apple's MetricKit (opt-in via Settings → Privacy → Analytics) is the only telemetry path, and Apple — not Brevity — handles it.
We do not collect or process the content of any email for any purpose other than rendering it for you locally on your device.
We do not have user accounts. There is no "sign up" or "sign in to Brevity".
4. Permissions Brevity requests
Each permission is requested only when the user invokes a feature that needs it, and the full reason is shown to the user:
Contacts — to match email addresses to your contacts for display names and avatars in the inbox. Your contacts are never sent off your device.
Camera — only when you attach a photo to a draft.
Photos — only when you pick a photo to attach or save an attachment.
Calendar — when you accept a meeting invite from an email. No automatic scans take place.
Face ID — to optionally lock the app.
5. Tracker pixel shield
Brevity ships an embedded list of about 200 known tracking-pixel hosts (derived from the public-domain EasyPrivacy list) and a 1×1 pixel detector. These lists run locally — we do not call any remote service for tracker classification, and we do not log which pixels were blocked.
6. Subscriptions
Brevity Pro and Pro+ are handled by Apple's StoreKit. Apple — not Brevity — receives your payment information. We do not store or process payment data.
7. Children
Brevity is not directed at children under 13. We do not knowingly collect any data from children.
8. Changes to this policy
If we make material changes to this policy in a future app update, the in-app About screen will link to a new dated copy. The "Last updated" date at the top of this page reflects the current version.