← Cloudy

Privacy Policy

Last updated: 15 June 2026

Cloudy is a free, open-source desktop application that runs entirely on your own computer. It connects directly to the services you sign in to — Microsoft 365 (via the Microsoft Graph API) and Google (via the Gmail, Google Calendar and Google Drive APIs). There is no Cloudy server, and the developer does not operate any backend that your data passes through.

What data Cloudy accesses

When you sign in to an account, Cloudy requests, with your consent, access to the parts of that account you choose to use:

• Files — OneDrive, SharePoint and Teams libraries (Microsoft) and Google Drive, so they can be mounted and browsed.
• Mail — reading, composing and sending messages.
• Calendar — reading and managing events.
• Contacts — read-only, to suggest recipients while composing.
• Profile — your name and email address, to label the account.

How your data is used

Your data is used only on your device, only to provide the features you use — displaying your mail and calendar, mounting and browsing your files, and sending messages or events you create. Cloudy does not sell, share, or transmit your data to the developer or any third party. It contains no analytics, tracking or telemetry.

Files mounted by Cloudy stream directly between your computer and your cloud provider (using rclone); they are not routed through any other party.

Where your data is stored

• Authentication tokens are stored securely in your operating system's keyring (libsecret / the Secret Service), never in plain text.
• A local cache of recently viewed mail/calendar items and mounted files may be kept on your device to make the app responsive and to support offline access. This never leaves your device.
• No personal data is stored on any server operated by the developer.

Sharing with the cloud providers

Because Cloudy talks directly to Microsoft and Google, your use of those services is also governed by their privacy policies: Microsoft Privacy Statement and Google Privacy Policy. Cloudy's use of information received from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements.

Your control

• Sign out of an account in Cloudy at any time to delete its stored tokens from your keyring.
• Revoke Cloudy's access entirely from your Google account permissions or Microsoft account permissions.
• Uninstalling Cloudy removes its local cache and configuration.

Children

Cloudy is not directed at children and does not knowingly collect data from children.

Changes

This policy may be updated as the application evolves. Material changes will be reflected on this page with a new "last updated" date.

Contact

Questions can be raised on the project's issue tracker.