Security & Privacy

Nothing leaves your phone. That's not a marketing claim — it's how Chuck is built.

Chuck processes your email entirely on your device. There are no cloud servers reading your messages, no AI providers analyzing your inbox, and no data centers storing your personal information. Your email stays on your phone, period. Here's how we keep it that way.

Authentication

OAuth2 — no passwords stored. Chuck doesn't store your email password. Instead, we use the OAuth2 protocol from Google, Microsoft, and Apple. You authenticate directly with your email provider, and Chuck receives a limited-access token. You can revoke Chuck's access at any time through your email provider's security settings.

Data Handling

Chuck reads metadata, not your messages. The app processes email headers — sender names, subject lines, dates, and sizes — to organize your inbox. Chuck doesn't read, store, or analyze the content of your messages.

No data selling. Ever. Your email data is never sold, shared with advertisers, or used to build marketing profiles. Chuck's business model is simple: we sell Chuck Pro subscriptions. That's it.

Infrastructure

Hosted on IBM Cloud. Our backend infrastructure meets enterprise security standards. All data is encrypted in transit (TLS) and at rest.

Google-certified. Chuck has completed Google's security verification for applications that access Gmail, confirming compliance with their user data protection requirements.

Your Control

Compliance

410 Labs, Inc. maintains Chuck in compliance with GDPR and applicable data protection regulations. For full details, see our Privacy Policy, Terms of Service, and GDPR information.

Vulnerability Disclosure Program

We partner with security researchers to keep Chuck safe. If you discover a vulnerability, please report it through our Vulnerability Disclosure Program.

Contact

Security questions? Reach us at support@chuck.email.