Effective: June 6, 2026
googleusercontent.com
(to fetch inline images), and - only if you opt in to verifiable timestamps - a
32-byte cryptographic hash sent to a timestamping authority of your choice.
Everything. Email parsing, PDF generation, image embedding, attachment extraction, metadata creation, and PDF/A-3B archival formatting all happen inside your browser. The resulting PDF - and, if you ask for it, the original attachments - are saved directly to your Downloads folder.
Verifiable timestamp (RFC 3161) - opt-in only. When you enable the “Verifiable timestamp” checkbox, the extension computes a SHA-256 hash of the saved PDF locally and sends only that hash (32 bytes) plus an 8-byte random nonce to the timestamping authority you have configured (default: freetsa.org).
The hash is a one-way cryptographic value. It is mathematically impossible to recover the PDF content, email subject, sender, recipients, or any other information from the hash. The timestamping authority will see the hash, your IP address (as part of normal HTTP traffic), and the time of the request - nothing else.
You can change or disable the timestamping authority at any time in the extension's Settings page. Custom timestamping authority URLs must use HTTPS.
| Permission | Why it is needed |
|---|---|
| mail.google.com | To read the email you choose to save. The extension reads only the currently open email or thread. |
| googleusercontent.com | To fetch inline images embedded in emails so they appear in the PDF. |
| freetsa.org | Default timestamping authority. Contacted only when the verifiable timestamp feature is enabled. |
| Optional - custom timestamping host ( https://*/*,optional) |
Declared as broad (“any HTTPS site”) for one reason only: so that
you may point the extension at a timestamping authority of your own choosing.
The extension never requests broad access. When - and only
when - you enter a custom timestamping-authority URL and test it, your browser
prompts you to grant access to that single host. If you keep the
default (freetsa.org), this optional permission is never requested at all.
You can revoke any host you have granted at any time via
chrome://extensions. |
| storage | To remember your preferences (paper size, archival mode, etc.) locally in your browser. |
| downloads | To save generated PDFs and (optionally) email attachments to your Downloads folder. |
| downloads.open | To open the saved PDF if you click “Open file” after saving. |
| tabs | To locate and coordinate the background “Print View” tab that EmailToPDF opens to render the full email for conversion, and to route the parsed result back to the correct place. It is not used to read, monitor, or track your other browsing tabs. |
| notifications | To notify you when a save completes if the popup has closed, or if the optional timestamping authority is unreachable. |
| activeTab | To inject the conversion logic into Gmail only when you click “Save as PDF”. |
If you configure a custom timestamping authority (HTTPS only) other than the default,
your browser will prompt you to grant access to that specific host before the first
request. You may revoke this permission at any time via chrome://extensions.
Aside from your chosen timestamping authority (if you have enabled the feature), EmailToPDF does not communicate with any third-party services. We do not use analytics providers, advertising networks, crash reporting services, cloud sync, or external APIs of any kind.
Because EmailToPDF processes data exclusively on your device and transmits nothing under default settings, it operates outside the scope of most data-protection regulations as a “controller” or “processor”:
EmailToPDF is not directed at children under 13 and does not knowingly collect any data from anyone of any age.
If we make material changes to this policy, the effective date at the top of this page will be updated and a notice will be added to the next extension release notes. We will never reduce the protections described here without a clearly disclosed update.
June 6, 2026 update: Clarified, for full transparency, the optional broad host
permission used for user-chosen timestamping authorities, and expanded the description of
the tabs permission. No protections were reduced; these changes add detail
only.
For any privacy-related question, issue, or concern, email us at support@email-to-pdf.app. This address is verified by the Chrome Web Store and monitored directly by the publisher.
This policy is short because the extension is simple. Every claim above is verifiable
from the bundle that runs on your machine: open chrome://extensions →
“Details” on EmailToPDF → “Inspect views: service worker” →
“Sources” tab in DevTools. The minified bundle pretty-prints in one click and
you can search for every network endpoint, every storage write, every claim made here.