1. Introduction
Welcome to Halonex Mail. Your privacy is not just a feature — it is the foundation upon which this application was built. This Privacy Policy explains in clear, plain language what personal data we collect, why we collect it, how we protect it, how long we keep it, and what rights you have over it.
Halonex Mail is designed as a privacy-first, security-first email client. We do not operate cloud servers that store your email. We do not sell, share, or monetize your personal data. We do not run advertisements. We do not employ analytics trackers. Your emails belong to you, and we have engineered every layer of this application to keep it that way.
This policy applies to all users of the Halonex Mail iOS application, regardless of location. Where applicable, it specifically addresses compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India.
By using Halonex Mail, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the application.
The Human Summary
Halonex Mail is a privacy-first email app. We never see your emails, never store them on our servers, and never sell your data. Everything stays on your device, encrypted. This policy explains exactly how that works.
2. About Halonex Mail
Halonex Mail is a native iOS email client that connects directly to your email server using the standard IMAP and SMTP protocols. It is a client-side application — all data processing occurs on your device. There is no intermediary Halonex cloud server between you and your email provider.
Key Architecture Principles
- Direct Connection: The app connects directly from your device to your email server (e.g., fusion.mxrouting.net) using encrypted channels. No Halonex relay or proxy server is involved.
- Zero Knowledge: Halonex (the developer) has zero access to your emails, credentials, contacts, or any other personal data. We cannot read your emails, even if compelled by law, because we never possess them.
- On-Device Processing: Email threading, search, phishing detection hash computation, and notification generation all happen locally on your device.
- No Backend: Halonex Mail does not communicate with any Halonex-operated backend server for its core email functionality. The only external communication is with your configured email server and the Vanta phishing protection API.
The Human Summary
Your device talks directly to your email server — we're not in the middle. We literally can't read your emails because we never have them. Think of us as the locksmith who built the lock but doesn't keep a copy of the key.
3. Definitions
For the purposes of this policy:
| Term | Meaning |
|---|---|
| Personal Data | Any data that relates to an identified or identifiable individual, as defined under the DPDP Act, 2023 §2(1)(t). |
| Data Principal | You, the user — the individual to whom the personal data relates (DPDP Act §2(1)(j)). |
| Data Fiduciary | Halonex — the entity that determines the purpose and means of processing personal data (DPDP Act §2(1)(i)). |
| Processing | Any operation performed on personal data, including collection, storage, use, transmission, and deletion. |
| Consent | Your free, specific, informed, unconditional, and unambiguous agreement to the processing of your personal data for a specified purpose. |
| Device | The iPhone or iPad on which you install and use Halonex Mail. |
| Email Server | The IMAP/SMTP mail server you configure in the app (e.g., fusion.mxrouting.net). |
| DPO | Data Protection Officer — the individual designated to handle privacy inquiries and grievances. |
4. Data We Collect
Halonex Mail collects and processes the following categories of personal data. We collect only what is strictly necessary to provide the email service you have requested.
4.1 Authentication Credentials
| Data Point | Details |
|---|---|
| Email address | Used as your IMAP/SMTP username for authentication. |
| Password | Used to authenticate with your email server. |
- Your password is stored exclusively in the iOS Keychain, Apple's hardware-backed secure credential storage.
- The Keychain entry is protected with kSecAttrAccessibleWhenUnlockedThisDeviceOnly, meaning it is only accessible when your device is unlocked and is never synced to iCloud or other devices.
- Halonex (the developer) never has access to your password.
4.2 Email Content
| Data Point | Details |
|---|---|
| Sender name & email address | From the email headers of messages synced from your server. |
| Recipient addresses (To, CC) | From the email headers. |
| Subject lines | From the email headers. |
| Email body (plain text & HTML) | The full content of your email messages. |
| Message-ID, In-Reply-To, References | Email headers used for conversation threading. |
| Message dates & timestamps | When emails were sent or received. |
| Read/Unread status | IMAP flag state (\Seen). |
| Starred/Flagged status | IMAP flag state (\Flagged). |
| Folder/Mailbox assignment | Which IMAP folder the email resides in (Inbox, Sent, Drafts, Trash, Junk, Archive). |
- Email content is synced directly from your email server to your device.
- Email content never passes through any Halonex-operated server.
- Locally cached copies are encrypted with AES-256-GCM.
4.3 Consent & Privacy Records
| Data Point | Details |
|---|---|
| Consent records | A timestamped, immutable audit trail of every consent decision you make (grant or withdraw), including the purpose, method, and privacy notice version. |
| Age verification status | Whether you have attested to being 18 years or older. |
| Cross-border transfer acknowledgment | Whether you have acknowledged that your data may be transferred outside India. |
| Retention policy preferences | Your chosen cache retention period (e.g., 6 hours, 24 hours, 7 days). |
| Grievance tickets | Records of any grievances you file regarding data handling. |
4.4 App Preferences & Configuration
| Data Point | Details |
|---|---|
| Notification authorization status | Whether you have granted iOS notification permissions. |
| Biometric authentication preference | Whether you have opted into Face ID / Touch ID protection. |
| Onboarding completion status | Whether you have completed the initial onboarding flow. |
| Notification UID tracking | A set of email UIDs for which notifications have already been delivered, to prevent duplicates. |
4.5 Data We Do NOT Collect
- No device identifiers (IDFA, IDFV, or hardware serial numbers)
- No location data (GPS, Wi-Fi, or cell tower)
- No contacts or address book data
- No call logs or SMS
- No browsing history
- No app usage analytics or telemetry
- No crash reports sent to Halonex servers
- No advertising identifiers
- No biometric data (Face ID / Touch ID data never leaves Apple's Secure Enclave)
- No financial or payment data
- No social media accounts
- No health data
- No clipboard contents (the clipboard is wiped on app background)
5. How We Collect Your Data
5.1 Data You Provide Directly
- Authentication credentials: You enter your email address and password on the login screen. These are transmitted directly to your email server over an encrypted TLS 1.3 connection and stored in the iOS Keychain.
- Consent decisions: You actively toggle consent for each data processing purpose during onboarding and in the Privacy & Data settings screen.
- Grievance submissions: You type and submit grievance descriptions through the in-app grievance form.
5.2 Data Collected Automatically from Your Email Server
- Email content: When you grant consent for Email Synchronization, the app connects to your email server via IMAP and fetches your email messages. This data is transmitted directly from your email server to your device.
- Folder structure: The app queries your IMAP server for the list of available mailboxes.
- Email flags: Read/unread and starred/flagged status are synced from your IMAP server.
5.3 Data Generated On-Device
- Conversation threads: The app applies the JWZ threading algorithm locally on your device to group related emails into conversation threads.
- Sender avatar colors & initials: Computed deterministically from sender names and email addresses using a hash function — no network requests are made.
- Email previews: The first ~120 characters of email body text are extracted on-device, with HTML tags stripped.
- Phishing domain hashes: SHA-256 hashes of domains found in emails are computed locally before being checked against the Vanta API. The actual email content is never sent.
The Human Summary
You give us your login. Your email server gives us your emails. Everything else — threading, previews, phishing checks — is computed right on your phone. Nothing leaves your device except what goes to your own email server.
6. Purpose of Data Collection
We process your personal data only for the specific purposes listed below. Each purpose requires your explicit consent, and you may withdraw consent at any time.
6.1 Email Synchronization (Essential)
Purpose: To connect to your email server via IMAP/SMTP to fetch, send, and manage your emails.
This is the core function of an email client. Without this consent, the app cannot fetch or send emails.
6.2 Push Notifications (Optional)
Purpose: To alert you when new emails arrive, even when the app is in the background.
The app uses IMAP IDLE in the foreground for real-time push, and iOS Background App Refresh for periodic background checks. All notifications are local notifications — they are generated on your device, not pushed from any Halonex server.
6.3 Local Email Caching (Optional)
Purpose: To store encrypted copies of your emails on your device for faster loading and offline access.
Cached data is automatically purged based on your configured retention period (default: 24 hours). All cached files are encrypted with AES-256-GCM before being written to disk.
6.4 Biometric Authentication (Optional)
Purpose: To protect access to your emails using Face ID, Touch ID, or Optic ID.
The app never receives, stores, or processes your actual biometric data. Apple's Secure Enclave processes the biometric comparison and returns only a pass/fail result to the app.
6.5 Cross-Border Data Transfer (Essential)
Purpose: Your email data is transmitted to and from your email server, which may be located outside India (e.g., fusion.mxrouting.net in the United States).
All cross-border transfers are encrypted end-to-end using TLS 1.3 with SPKI certificate pinning.
7. Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023, the legal basis for processing your personal data is:
- Consent (§6): You provide explicit, informed, granular consent for each processing purpose during onboarding and can modify your consent at any time in the Privacy & Data settings.
- Legitimate Use (§7): Certain minimal processing (e.g., displaying the privacy notice itself, maintaining consent audit records) is performed to comply with legal obligations under the DPDP Act.
We do not rely on "legitimate interest" as a catch-all basis. Every data processing activity is tied to a specific, consented purpose.
8. Consent Management
Halonex Mail implements a comprehensive, granular consent management system in compliance with DPDP Act §6.
8.1 How Consent Works
- First Launch: Before any personal data is collected, you are presented with a full-screen Privacy Notice (DPDP Act §5). You must read the notice and explicitly toggle consent for each processing purpose.
- Granular Control: Consent is managed independently for each of the five purposes.
- Essential vs. Optional: Email Synchronization and Cross-Border Data Transfer are marked as "Essential." Push Notifications, Local Caching, and Biometric Authentication are optional.
- Age Attestation: You must attest that you are 18 years or older before consenting (DPDP Act §9).
8.2 Withdrawing Consent
You can withdraw consent for any purpose at any time by navigating to Settings → Privacy & Data and toggling the relevant switch off. Withdrawal is immediate and effective:
Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.
8.3 Consent Audit Trail
Every consent decision (grant or withdrawal) creates an immutable, timestamped record containing the specific purpose, whether consent was granted or withdrawn, the timestamp, the method (onboarding, settings toggle, explicit withdrawal, or re-consent), and the privacy notice version in effect.
This audit trail is encrypted with AES-256-GCM and stored on your device. You can export it at any time via the Right to Access feature.
8.4 Re-Consent Requirements
- Privacy notice version change: If we update this privacy policy, you will be shown the updated notice and asked to re-consent before data processing continues.
- Essential consent revoked: If essential consents are withdrawn, the app will prompt you to re-enable them on next launch.
- Periodic re-affirmation: Re-consent is requested every 10 days to ensure your preferences remain current and intentional.
The Human Summary
You're in control. Every feature that touches your data requires your explicit "yes." You can change your mind at any time, and the effect is instant. We keep a tamper-proof log of every consent decision you make.
9. Data Storage & Encryption
9.1 Encryption at Rest (AES-256-GCM)
All data stored locally on your device is encrypted using AES-256-GCM, a military-grade authenticated encryption algorithm.
- A 256-bit master encryption key is generated using Apple CryptoKit's secure random number generator on first launch.
- This key is stored in the iOS Keychain with the protection class kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly — the key is only accessible when the device has a passcode set, is bound to the specific device, and is never synced to iCloud or backed up.
- Each encryption operation uses a unique 12-byte random nonce, preventing identical plaintext from producing identical ciphertext.
- The GCM authentication tag (16 bytes) provides tamper detection — any modification of the ciphertext is detected and decryption is rejected.
Wire format of encrypted files: [12-byte nonce][ciphertext][16-byte GCM tag]
9.2 What Is Encrypted
| Data | Storage Location | Encryption |
|---|---|---|
| Cached emails | HalonexMailCache/[folder].enc | AES-256-GCM |
| Consent records | dpdp_consent.enc | AES-256-GCM |
| Age verification | dpdp_age.enc | AES-256-GCM |
| Cross-border acknowledgment | dpdp_crossborder.enc | AES-256-GCM |
| Retention policy settings | dpdp_retention.enc | AES-256-GCM |
| Grievance tickets | dpdp_grievances.enc | AES-256-GCM |
| Data breach records | dpdp_breaches.enc | AES-256-GCM |
| Authentication credentials | iOS Keychain | Hardware-backed |
| Encryption master key | iOS Keychain | Hardware-backed |
9.3 iOS File Protection
All cached files are written with completeFileProtection, meaning they are additionally encrypted by iOS using a key derived from your device passcode and are completely inaccessible when the device is locked.
9.4 Secure Memory Handling
- Memory locking (mlock): Sensitive memory pages are locked into RAM to prevent the OS from swapping them to disk.
- Cryptographic wiping (memset_s): When sensitive data is no longer needed, the memory is overwritten with zeros in a 3-pass cycle.
- Core dump prevention: Core dump generation is disabled at launch (RLIMIT_CORE set to 0).
- Constant-time comparison: Cryptographic comparisons use constant-time algorithms to prevent timing side-channel attacks.
9.5 Secure Deletion
When data is deleted (cache expiry, logout, or Right to Erasure), it is not simply removed from the filesystem. Instead:
- The file is overwritten 3 times with cryptographically random data (from SecRandomCopyBytes).
- Each overwrite pass is flushed to storage with synchronizeFile().
- The file is then deleted from the filesystem.
The Human Summary
Everything on your device is encrypted with military-grade encryption. The encryption key is locked in Apple's secure hardware. When data is deleted, it's overwritten 3 times with random noise before being removed — not just moved to a trash can.
10. Data Retention & Deletion
10.1 Retention Periods
| Data Category | Default Retention | User Configurable |
|---|---|---|
| Cached emails | 24 hours | Yes — 6 hours to 30 days |
| Authentication credentials | Until logout | No — deleted on logout |
| Session state | Until logout | No — deleted on logout |
| Consent audit trail | Until erasure request | No — required for DPDP compliance |
| Grievance records | Until erasure request | No — required for DPDP compliance |
| Notification UID tracking | Rolling — 500–1000 UIDs | No |
| Onboarding status | Until app uninstall | No |
10.2 Automatic Purge
Cached emails older than your configured retention period are automatically purged on every app launch. The default retention period is 24 hours. You can adjust this from 6 hours to 30 days in Settings → Privacy & Data → Data Retention. Automatic purge uses secure deletion (3-pass random overwrite).
10.3 Manual Deletion
- Logout: Immediately deletes all cached emails (with secure deletion), removes credentials from the Keychain, disconnects all IMAP connections, clears all notifications, and resets notification state. Consent records are preserved for audit purposes.
- Right to Erasure: Complete and irreversible deletion of all personal data via Settings → Privacy & Data → Delete All Personal Data.
10.4 Clipboard Hygiene
The system clipboard is automatically cleared every time the app moves to the background, preventing copied email content from being accessible to other apps.
11. Network Security & Data in Transit
11.1 TLS 1.3 Enforcement
All network connections (IMAP to port 993, SMTP to port 465) use TLS 1.3 exclusively — the latest and most secure version of the Transport Layer Security protocol. Older versions (TLS 1.2, 1.1, 1.0) are explicitly rejected. TLS session resumption is disabled to prevent session resumption attacks.
11.2 Certificate Pinning (SPKI)
To protect against MITM attacks — including those from rogue or compromised Certificate Authorities — Halonex Mail implements SubjectPublicKeyInfo (SPKI) SHA-256 certificate pinning.
- The app contains pre-computed SHA-256 hashes of the public keys of the trusted certificates for the email server.
- On every TLS connection, the app validates the system trust chain and computes the SPKI SHA-256 hash of every certificate in the presented chain.
- If no certificate matches a pinned hash, the connection is rejected, even if the system trust chain validated successfully.
- Both the leaf certificate and a backup intermediate CA are pinned, allowing for certificate rotation without app updates.
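The pin-matching step above, as an added Python sketch that is not Halonex's code: it hashes the SubjectPublicKeyInfo element rather than the whole certificate, so a reissued certificate with the same key keeps its pin, and a chain passes when any certificate matches. The function names and the sample certificates (unsigned DER skeletons built inline) are constructed for illustration, base64 pin encoding is an assumption, and system trust-chain validation is assumed to have already succeeded.

```python
import base64
import hashlib

def der_tlv(tag, content):
    """Encode one DER element with a definite length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_read(buf, off):
    """Return (tag, content_start, end) for the element starting at buf[off]."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, first, start = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        n = first
    else:
        k = first & 0x7F
        if k == 0 or start + k > len(buf):
            raise ValueError("bad DER length")
        n = int.from_bytes(buf[start:start + k], "big")
        start += k
    if start + n > len(buf):
        raise ValueError("DER element overruns buffer")
    return tag, start, start + n

def extract_spki(cert_der):
    """Return the full SubjectPublicKeyInfo element, header included."""
    tag, start, _ = der_read(cert_der, 0)            # Certificate
    if tag != 0x30:
        raise ValueError("not a certificate SEQUENCE")
    tag, off, tbs_end = der_read(cert_der, start)    # TBSCertificate
    if tag != 0x30:
        raise ValueError("missing TBSCertificate")
    tag, _, end = der_read(cert_der, off)
    if tag == 0xA0:                                  # optional [0] version
        off = end
    for _ in range(5):   # serialNumber, signature, issuer, validity, subject
        _, _, off = der_read(cert_der, off)
    tag, _, end = der_read(cert_der, off)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("missing SubjectPublicKeyInfo")
    return cert_der[off:end]

def spki_pin(cert_der):
    """Base64 of SHA-256 over the SPKI bytes (encoding is an assumption)."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def chain_is_pinned(chain_der, pins):
    """True if any certificate in the presented chain matches a pin.
    Unparseable certificates never match, so the check fails closed."""
    for cert in chain_der:
        try:
            if spki_pin(cert) in pins:
                return True
        except ValueError:
            continue
    return False

def make_cert(cn, key, serial=1):
    """Build an unsigned certificate skeleton (constructed test input only)."""
    seq = lambda *parts: der_tlv(0x30, b"".join(parts))
    alg = seq(der_tlv(0x06, bytes.fromhex("2a8648ce3d0201")))  # placeholder AlgorithmIdentifier
    name = seq(der_tlv(0x31, seq(der_tlv(0x06, bytes.fromhex("550403")),
                                 der_tlv(0x0C, cn))))
    validity = seq(der_tlv(0x17, b"250101000000Z"), der_tlv(0x17, b"260101000000Z"))
    spki = seq(alg, der_tlv(0x03, b"\x00" + key))
    tbs = seq(der_tlv(0xA0, der_tlv(0x02, b"\x02")), der_tlv(0x02, bytes([serial])),
              alg, name, validity, name, spki)
    return seq(tbs, alg, der_tlv(0x03, b"\x00" + b"\x00" * 8))

# Constructed sample data: placeholder keys, hypothetical names.
OLD_KEY = b"\x04" + b"\x11" * 64
CA_KEY = b"\x04" + b"\x22" * 64
NEW_KEY = b"\x04" + b"\x33" * 64
LEAF_OLD = make_cert(b"mail.example", OLD_KEY)
INTERMEDIATE = make_cert(b"Example CA", CA_KEY)
LEAF_NEW = make_cert(b"mail.example", NEW_KEY, serial=2)   # rotated leaf key
PINS = {spki_pin(LEAF_OLD), spki_pin(INTERMEDIATE)}        # leaf + backup intermediate

if __name__ == "__main__":
    print("current chain:", chain_is_pinned([LEAF_OLD, INTERMEDIATE], PINS))
    print("rotated leaf :", chain_is_pinned([LEAF_NEW, INTERMEDIATE], PINS))
```

The rotated leaf still passes because the intermediate's key is pinned; if both pinned keys change at once, every connection is rejected until the app ships new pins.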
11.3 Connection Timeout
Network connections have a tightened 10-second timeout to minimize exposure to network-level attacks.
11.4 Connection Reuse & Retry
The app maintains a persistent IMAP connection for the session duration. If a connection fails, it retries with exponential backoff (1s, 2s, 4s) up to 3 attempts. Authentication failures are not retried.
The Human Summary
Your emails travel through an encrypted tunnel using the strongest available encryption. We also "pin" the server's identity so that even if someone fakes a security certificate, the app refuses to connect. It's like checking both the lock and the locksmith's ID before opening the door.
12. Cross-Border Data Transfers
12.1 Server Location
Your email is hosted on the mail server fusion.mxrouting.net, which is located in the United States. This means your email data is transmitted between your device and a server located outside India.
12.2 DPDP Act §16 Compliance
- Explicit Consent: Cross-Border Data Transfer is classified as an "Essential" consent purpose. You are clearly informed about the server location and must explicitly consent during onboarding.
- Encryption: All data transmitted across borders is encrypted with TLS 1.3 and protected by SPKI certificate pinning.
- Acknowledgment Record: Your acknowledgment of the cross-border transfer is recorded with a timestamp and stored (encrypted) on your device.
12.3 Government Access
Halonex (the developer) does not have access to your emails and cannot comply with government data access requests for your email content. Such requests would need to be directed to your email server provider (MXrouting) or to you directly.
13. Biometric Authentication
13.1 How It Works
- The app presents a biometric challenge every time it returns from the background.
- The biometric check is performed entirely by Apple's Secure Enclave — a dedicated hardware security processor on your device.
- The app receives only a boolean pass/fail result. It never receives, accesses, processes, or stores your actual biometric data.
- If biometric authentication fails, the app falls back to your device passcode.
- If neither biometric nor passcode authentication is available, the app allows access without biometric gating.
13.2 Screen Recording & Screenshot Protection
- When the app detects screen recording, the biometric lock is automatically engaged.
- When the app enters the background or app switcher, a branded security shield overlay is displayed, preventing email content from appearing in screenshots.
- The system clipboard is cleared on background to prevent data leakage.
13.3 Auto-Lock
The app automatically locks (requiring re-authentication) immediately when it moves to the background. The lock timeout is set to zero — there is no grace period.
The Human Summary
Face ID / Touch ID is handled entirely by Apple's secure chip. We only get a "yes" or "no" — never your actual biometric data. The app locks instantly when you switch away, and a shield covers your emails in the app switcher.
14. Device Integrity & Security Monitoring
14.1 Jailbreak & Tampering Detection
At launch and every 30 seconds during use, Halonex Mail performs comprehensive device integrity checks to detect compromised environments:
| Check | What It Detects |
|---|---|
| Filesystem artifacts | Presence of Cydia, Sileo, Zebra, Checkra1n, unc0ver, and other jailbreak-related files (~40 known paths). |
| URL scheme detection | Registration of Cydia, Sileo, Zebra, or Filza URL schemes. |
| Writable root filesystem | Attempts to write to system directories (should fail on stock iOS). |
| Sandbox escape | Attempts to spawn child processes using posix_spawn. |
| Suspicious symbolic links | Jailbreak tools often symlink system directories. |
| Environment variables | Detects DYLD_INSERT_LIBRARIES and other injection-related variables. |
| Debugger attachment | Detects if lldb/gdb is attached via sysctl. |
| Dynamic library injection | Scans loaded dylibs for known jailbreak frameworks (Substrate, Frida, FlyJB, etc.). |
| Code signature anomaly | Checks for re-signing artifacts and missing _CodeSignature directory. |
| Runtime manipulation | Checks for Frida server on default port (27042). |
14.2 Threat Response
- Critical threats (jailbreak, debugger, runtime manipulation): A full-screen warning is displayed. You may acknowledge the risk and proceed.
- Non-critical threats (suspicious dylib, code signature anomaly): A warning is displayed with the option to proceed.
- Continuous monitoring: Security checks repeat every 30 seconds throughout app use.
- Breach recording: If threats indicate potential data compromise, a breach record is automatically created under DPDP Act §8(6).
14.3 WebKit Cache Clearing
When the app enters the background, all WebKit website data (cookies, local storage, caches) is cleared to prevent data leakage from rendered HTML email content.
15. Phishing Protection
15.1 Vanta Phishing Detection Service
Halonex Mail integrates with the Vanta Phishing Detection API to warn you about potentially dangerous links in emails.
15.2 How It Works
- When you open an email, the app extracts all domains — from the sender's email address and from all hyperlinks in the email body.
- Each domain is hashed with SHA-256 on your device.
- Only the SHA-256 hash is sent to the Vanta API. The actual domain name, email content, sender information, and any other personal data are never transmitted.
- The API responds with whether the hash matches a known phishing domain.
- If a match is found, a prominent phishing warning banner is displayed in the email reading view.
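The extraction and hashing steps above, as an added Python sketch that is not Halonex's code. The page does not say how domains are canonicalized or how hashes are encoded, so lowercasing, trailing-dot removal, IDNA conversion and hex output are assumptions here; the function names and the sample message are constructed for illustration.

```python
import hashlib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collects href values from <a> tags in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

def canonical_domain(host):
    """Normalize a hostname so equivalent spellings hash identically.
    Returns None for names that cannot be represented (assumed policy)."""
    host = host.strip().rstrip(".").lower()
    if not host:
        return None
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def extract_domains(sender_header, html_body):
    """Domains from the sender address and from every hyperlink with a host."""
    domains = set()
    _, addr = parseaddr(sender_header)
    if "@" in addr:
        domains.add(canonical_domain(addr.rpartition("@")[2]))
    collector = LinkCollector()
    collector.feed(html_body)
    collector.close()
    for href in collector.hrefs:
        try:
            host = urlsplit(href).hostname   # None for mailto: and relative links
        except ValueError:
            continue                         # malformed URL: nothing to hash
        if host:
            domains.add(canonical_domain(host))
    domains.discard(None)
    return domains

def domain_hashes(sender_header, html_body):
    """Map each canonical domain to its SHA-256 hex digest (kept on device)."""
    return {d: hashlib.sha256(d.encode("ascii")).hexdigest()
            for d in sorted(extract_domains(sender_header, html_body))}

def lookup_payload(sender_header, html_body):
    """Only the digests: the values that would leave the device."""
    return sorted(domain_hashes(sender_header, html_body).values())

# Constructed sample message (not real traffic).
SAMPLE_SENDER = '"Billing" <billing@Pay.Example.com>'
SAMPLE_BODY = (
    '<p>Hi</p>'
    '<a href="https://Login.Example.COM./reset?u=1">Reset</a>'
    '<a href="http://login.example.com/other">Other</a>'
    '<a href="https://m\u00fcnchen.example/a">Office</a>'
    '<a href="mailto:help@pay.example.com">Mail us</a>'
    '<a href="/relative">Relative</a>'
)

if __name__ == "__main__":
    for domain, digest in domain_hashes(SAMPLE_SENDER, SAMPLE_BODY).items():
        print(domain, digest)
```

Without canonicalization, `Login.Example.COM.` and `login.example.com` would produce different digests and the same host could miss a blocklist match.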
15.3 Privacy Properties
- No email content leaves your device: Only domain hashes are sent — not the emails themselves.
- No caching of results: Phishing checks are performed fresh each time.
- Fail-safe: If the API is unreachable, the email is treated as safe to avoid false positives.
- Timeout: API requests have a 10-second request timeout and 15-second resource timeout.
15.4 Vanta API Data
The Vanta API receives: SHA-256 hashes of domain names, your device's IP address (inherent in any network connection), standard HTTP headers.
The Vanta API does not receive: your email address, email content, your identity, or device identifiers.
The Human Summary
When you read an email, we scramble any links into irreversible hashes and check them against a database of known threats. We never send the actual links or any email content. If a bad link is found, you get a big red warning.
16. Local Notifications
16.1 How Notifications Work
Halonex Mail uses local notifications — not remote push notifications from a Halonex server.
- Foreground: The app uses IMAP IDLE to maintain a persistent connection and receive real-time alerts.
- Background: iOS Background App Refresh checks for new emails approximately every 15 minutes.
- Notifications display the sender name, subject line, and a preview. They are grouped by conversation thread.
16.2 Notification Actions
- Reply: Opens the compose view with reply context.
- Archive: Moves the email to the Archive folder.
- Mark as Read: Marks the email as read without opening the app.
16.3 Consent
Notifications require both your DPDP consent for the "Push Notifications" purpose and standard iOS notification permission. If either consent is missing, no notifications will be delivered.
17. Third-Party Services
Halonex Mail uses the absolute minimum of external services:
| Service | Purpose | Data Sent |
|---|---|---|
| Your Email Server | IMAP/SMTP email synchronization | Credentials, email content (encrypted via TLS 1.3) |
| Vanta Phishing API | Phishing link detection | SHA-256 hashes of domains only |
| Apple Keychain | Secure credential storage | Credentials (hardware-encrypted, device-only) |
| Apple Secure Enclave | Biometric authentication | Biometric challenge (pass/fail only) |
| Apple Notification Center | Local notification delivery | Notification content (stays on device) |
We do not use: Google Analytics, Firebase, Crashlytics, advertising networks, social media SDKs, customer support tools that transmit data off-device, A/B testing or feature flag services.
18. Data Sharing & Disclosure
18.1 We Do Not Sell Your Data
Halonex does not sell, rent, lease, trade, or otherwise monetize your personal data. Full stop.
18.2 We Do Not Share Your Data
Your personal data is not shared with any third party for marketing, advertising, research, or any other purpose.
18.3 Circumstances Where Disclosure May Occur
- Your email server: This is necessary for the app to function. The data is governed by your email provider's privacy policy.
- Vanta Phishing API: Only SHA-256 hashes of domains (not personal data) are sent for phishing detection.
Because Halonex operates a zero-knowledge architecture and does not store your personal data on any server we control, we have no data to disclose in response to legal requests. We literally cannot provide what we do not possess.
The Human Summary
We don't sell your data. We don't share your data. Even if a court ordered us to hand over your emails, we couldn't — because we never have them in the first place.
19. Children's Privacy
Halonex Mail is intended for users aged 18 years and older. In compliance with DPDP Act §9:
- During onboarding, you must attest that you are 18 years of age or older.
- This age attestation is recorded and encrypted on your device.
- If you are under 18, you should not use this application without verifiable parental consent.
The app includes a compliance hook for parental consent, which may be activated in future versions. If we become aware that a minor has provided personal data without consent, we will take steps to address the concern through the Right to Erasure feature.
20. Your Rights Under the DPDP Act, 2023
As a Data Principal under the DPDP Act, you have the following rights. Halonex Mail provides in-app tools to exercise each of these rights without needing to contact us.
20.1 Right to Access (§11)
You have the right to obtain a summary and machine-readable copy of all personal data processed by the app.
How to exercise: Open Settings → Privacy & Data → Your Data. Tap "View Data Summary" for a human-readable report, or "Download My Data" to generate a comprehensive JSON export delivered via the iOS Share Sheet.
20.2 Right to Correction (§12)
You have the right to request correction of inaccurate personal data. The app stores minimal mutable profile data. Your email address is managed by your email server and cannot be corrected locally. The app includes a compliance hook for future profile data correction needs.
20.3 Right to Erasure (§13)
You have the right to request complete and irreversible deletion of all personal data.
How to exercise: Open Settings → Privacy & Data → Your Data and tap "Delete All Personal Data."
The erasure process performs 10 steps, in order:
- Withdraw all consents — creating a final audit record.
- Purge grievance data and breach records.
- Purge all DPDP compliance data (consent records, age verification, cross-border acknowledgments, retention policy files).
- Purge encrypted email cache with secure 3-pass overwrite.
- Destroy the master encryption key — making all previously encrypted data mathematically irrecoverable.
- Delete credentials from the Keychain.
- Clear all notifications and tracking state.
- Disconnect the IMAP connection.
- Clear all UserDefaults (app preferences).
- Log out immediately.
This action is irreversible. After erasure, you would need to set up the app from scratch.
20.4 Right to Grievance Redressal (§13)
Navigate to Settings → Privacy & Data → Grievance Redressal to file a grievance. Categories include: Consent Issue, Data Access Request, Data Correction Request, Data Erasure Request, Data Breach Concern, or Other. Under DPDP Act §13, we respond within 30 days.
Escalation: If unsatisfied, you may file a complaint with the Data Protection Board of India at [email protected].
20.5 Right to Withdraw Consent (§6(6))
Toggle off the relevant consent switch in Settings → Privacy & Data → Consent Management. The withdrawal takes effect immediately.
The Human Summary
You can see all your data, export it, correct it, delete it, or file a complaint — all from within the app. The nuclear option (Right to Erasure) doesn't just delete files — it destroys the encryption key, making recovery mathematically impossible.
21. Grievance Redressal
21.1 Data Protection Officer
For any questions, concerns, or grievances about your personal data, please contact our Data Protection Officer:
Email: [email protected]
21.2 Response Commitment
- We will acknowledge your grievance within 48 hours.
- We will provide a substantive response within 30 days, as required by DPDP Act §13.
- If your grievance requires technical investigation, we will keep you informed of progress.
21.3 Escalation
If you are not satisfied with our response, you have the right to:
- File a complaint with the Data Protection Board of India at [email protected].
- Seek judicial remedies as provided under applicable law.
22. Data Breach Notification
22.1 Our Commitment
In compliance with DPDP Act §8(6), in the event of a personal data breach, we will:
- Notify you immediately through the app via an in-app alert.
- Notify the Data Protection Board of India as required by law.
- Provide clear information about the breach type, affected data categories, and mitigation steps taken.
22.2 Automated Breach Detection
The app's continuous security monitoring automatically detects potential breaches. When a device integrity violation is detected that may compromise personal data, the system creates a formal breach record with a unique ID, classifies the breach type, identifies affected data categories, and generates a notification document suitable for submission to the Data Protection Board.
22.3 Mitigation Steps
- Immediate user notification via in-app alert
- Purge of encrypted cache
- Termination of active IMAP/SMTP connections
- Activation of continuous integrity monitoring
23. App Permissions
Halonex Mail requests only the following iOS permissions:
| Permission | Purpose | Required? |
|---|---|---|
| Face ID | Protect access to your emails with biometric authentication | Optional |
| Notifications | Deliver new email alerts | Optional |
| Background App Refresh | Check for new emails in the background | Optional (system-managed) |
| Network Access | Connect to your email server | Essential |
We do not request: Camera, Microphone, Photo Library, Contacts, Location, Bluetooth, Health data, or Motion data access.
25. Analytics & Telemetry
Halonex Mail does not collect any analytics or telemetry data.
- No usage metrics (screen views, tap counts, session duration)
- No performance metrics sent to external services
- No crash reports sent to Halonex servers
- No A/B testing or feature experimentation
- No heatmaps or user behavior tracking
The app does use os.Logger for debug-level logging in development builds, but these logs are stored only in the system log on your device, are never transmitted anywhere, and are automatically purged by iOS.
26. Open-Source & Third-Party Libraries
Halonex Mail is built with zero third-party dependencies for its core functionality. All networking, encryption, certificate pinning, biometric authentication, secure memory management, and threading algorithms are implemented using Apple's native frameworks:
- Foundation — Core data types and networking
- Network.framework (NWConnection) — Raw TCP/TLS connections for IMAP and SMTP
- CryptoKit — AES-256-GCM encryption and SHA-256 hashing
- Security.framework — Keychain access, certificate handling, and SPKI extraction
- LocalAuthentication — Face ID, Touch ID, and Optic ID
- UserNotifications — Local notification management
- BackgroundTasks — Background App Refresh scheduling
- SwiftUI — User interface
- WebKit — HTML email rendering (with aggressive cache clearing)
- CoreData — Persistence controller (minimal usage)
No third-party pod, SPM package, or Carthage dependency is used. This minimizes supply-chain attack surface and ensures complete transparency over what code is executing on your device.
The Human Summary
We don't use any outside code libraries. Everything is built on Apple's own frameworks. This means no hidden tracking code from third parties, and no supply-chain vulnerabilities from external packages.
27. Changes to This Privacy Policy
27.1 Versioning
This privacy policy is versioned. The current version is 1.0, effective March 22, 2026.
When we make changes:
- The version number and "Last Updated" date will be updated.
- A summary of changes will be included.
- You will be required to re-consent within the app before data processing continues.
- The updated policy will be made available on our website and within the app.
27.2 Notification of Changes
- An in-app re-consent flow that presents the updated privacy notice.
- An update to this webpage.
- Where material changes are made, a notification within the app.
27.3 Continued Use
Your continued use of the app after re-consenting to an updated privacy notice constitutes acceptance of the changes. If you do not consent, you may exercise your Right to Erasure and discontinue use.
28. Governing Law & Jurisdiction
This Privacy Policy is governed by and construed in accordance with the laws of India, specifically the Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023).
Any disputes arising from this policy or the app's data handling practices shall be subject to the jurisdiction of the Data Protection Board of India and the competent courts in India.
29. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data:
Data Protection Officer
Email: [email protected]
Data Protection Board of India
Email: [email protected]
General Inquiries
Website: halonex.net
The Human Summary
Have a question about your privacy? Reach out to our Data Protection Officer at [email protected]. We take every inquiry seriously and will respond within 48 hours.
Security Measures Summary
For quick reference, here is a summary of every security measure protecting your data in Halonex Mail:
| Layer | Measure | Details |
|---|---|---|
| Transport | TLS 1.3 exclusively | No fallback to older TLS versions |
| Transport | SPKI Certificate Pinning | SHA-256 pinning of leaf + intermediate CA |
| Transport | Session Resumption Disabled | Prevents session hijacking |
| Storage | AES-256-GCM Encryption | All data at rest, per-operation random nonce |
| Storage | iOS Complete File Protection | Files encrypted with device passcode key |
| Storage | Secure Deletion | 3-pass random overwrite before filesystem removal |
| Credentials | iOS Keychain | Hardware-backed, device-only, passcode-protected |
| Memory | RAM Locking (mlock) | Prevents swapping sensitive data to disk |
| Memory | Cryptographic Wiping (memset_s) | Non-optimizable memory zeroing |
| Memory | Core Dump Prevention | RLIMIT_CORE set to 0 |
| Memory | Constant-Time Comparison | Prevents timing attacks |
| Auth | Biometric + Passcode | Face ID / Touch ID with passcode fallback |
| Auth | Immediate Auto-Lock | Locks on every background transition |
| Auth | Screen Recording Detection | Auto-locks when recording detected |
| Auth | App Switcher Shield | Branded overlay prevents content leakage |
| Device | Jailbreak Detection | 8+ independent checks every 30 seconds |
| Device | Debugger Detection | sysctl-based P_TRACED check |
| Device | Dylib Injection Detection | Scans loaded libraries against known threats |
| Content | Phishing Detection | SHA-256 hash-based domain checking via Vanta API |
| Content | WebKit Cache Clearing | All web data cleared on background |
| Content | Clipboard Wiping | Clipboard cleared on background |
| Privacy | Zero-Knowledge Architecture | Developer has no access to user data |
| Privacy | Granular Consent | Per-purpose consent with audit trail |
| Privacy | Configurable Retention | User chooses 6h–30d cache lifetime |
| Privacy | Right to Erasure | Full data destruction including key destruction |
| Compliance | DPDP Act 2023 | Full §5, §6, §8, §9, §11, §12, §13, §16 compliance |
This privacy policy was written to be as transparent and comprehensive as possible. If anything is unclear, please don't hesitate to reach out to our Data Protection Officer at [email protected].
© 2026 Halonex. All rights reserved.