Privacy Notice
What we keep, and what we don’t.
mailconnect is a thin bridge between your Poke account and your Fastmail mailbox. It sits between two systems you already trust, and our entire job is to be uninteresting in the middle. This notice explains, in concrete terms, what that looks like in practice.
What this service does
mailconnect is operated as a Cloudflare Worker reachable at https://api.mailconnect.app. It speaks two protocols at once: it acts as the OAuth authorization server that Poke connects to over MCP, and it acts as an OAuth client of Fastmail, exchanging access and refresh tokens with Fastmail’s endpoints. When Poke calls one of the live tools, mailconnect uses the encrypted Fastmail tokens for that grant to make a JMAP request — currently a session lookup or a mailbox listing — and returns the result. That is the entire scope of the service today.
What we collect
The data mailconnect needs to function, and nothing else. Specifically:
- OAuth grants from Poke: when Poke registers as a client and a user consents, the underlying @cloudflare/workers-oauth-provider stores the grant in Cloudflare KV. Each grant identifies its client and scopes.
- Encrypted Fastmail tokens: the Fastmail access and refresh tokens we receive on your behalf are stored inside that grant’s encrypted props. They are not stored anywhere else.
- Your Fastmail username: used as the OAuth user identifier so the bridge can find the right grant when Poke reconnects.
- Operational logs: short-lived request logs created by Cloudflare in the normal course of running a Worker. These are not used for analytics or profiling.
What we don’t collect
- The contents of your email. The current build does not fetch message bodies, headers, attachments, or message metadata from Fastmail at all. The live tools only ask Fastmail for your account session and your mailbox list, and neither of those is persisted on our infrastructure.
- Your Fastmail password. The OAuth flow happens entirely on Fastmail’s domain; mailconnect never sees credentials.
- Trackers, ad SDKs, third-party analytics, fingerprinting scripts, or anything similar — neither on the marketing site you’re reading now nor on the API surface.
If and when mailconnect adds tools that read message content, this notice will be updated to describe that behavior before the new tools become available, and the additional access will require fresh consent.
How tokens are protected
Upstream Fastmail tokens are stored as encrypted props on each OAuth grant, encrypted at rest by the Cloudflare Workers OAuth Provider. They are decrypted in memory only for the duration of a request that needs them, and rotated transparently when the upstream Fastmail token is refreshed. If you revoke the grant, the encrypted props become inaccessible.
Sharing
We do not sell your data. We do not share it with third parties for marketing purposes. The bridge necessarily talks to two parties on your behalf: Poke (which you connected from) and Fastmail (which you authorized). Both relationships exist because you initiated them, and both can be ended unilaterally by you.
Cloudflare is our hosting provider for the Worker and KV namespace, and as such acts as a processor for the data described above. They are subject to their own published privacy practices.
Your rights
- Disconnect at any time. Removing the integration in Poke revokes the OAuth grant on our side. Revoking the mailconnect application inside Fastmail kills the upstream tokens immediately.
- Request deletion. If for any reason a residual grant survives the above (it shouldn’t), email [email protected] and we’ll delete it on request.
- Ask what’s held. Because what we hold is so narrowly defined, an access request is essentially “the encrypted token props for your grant exist or do not exist.” We’ll confirm in writing on request.
Security reports
If you discover a security issue, please email [email protected] with SECURITY in the subject. We acknowledge security reports within one business day and prefer responsible disclosure with reasonable timelines.
Children
mailconnect is intended for users with their own Fastmail accounts and is not directed at children. If you believe a child has connected the service to a Fastmail account they should not have access to, contact us and we’ll help sort it out.
Changes to this notice
If we materially change what mailconnect collects or how it’s stored, we’ll update this page and revise the “Effective” date at the top. Material changes that expand collection will not apply retroactively to existing grants without re-consent.
Contact
Questions about this notice are welcome. Write to [email protected] and a real person will reply.