Skip to content

Privacy policy

Last updated: 2026-05-09.

Chithi is a desktop email, calendar, contacts, and video-conferencing client developed in the open at github.com/SUNET/chithi. This page describes how Chithi handles your personal data and how you can exercise your rights under applicable data-protection law, in particular the EU General Data Protection Regulation (GDPR) and the UK GDPR.

What Chithi the application processes

Chithi runs entirely on your own device. When you connect a mail, calendar, contacts, or video-conferencing account, Chithi:

  • Stores your account credentials (passwords or OAuth tokens) in the operating-system keyring on your device.
  • Stores cached copies of mail, calendar entries, and contacts in a local database under your user profile.
  • Sends and receives data only between your device and the servers of the providers you have configured (your IMAP/SMTP/CalDAV/CardDAV server, Gmail, Microsoft 365, Nextcloud Talk, Matrix, Zoom, and similar).

The Chithi authors do not operate any backend that receives your mail, calendar, contact, or meeting data. We have no copy of, and no access to, the content stored on your device or transmitted between your device and your providers.

For information on how those providers handle your data once it leaves Chithi, please consult their respective privacy policies (Google, Microsoft, Zoom, your mail or calendar host, and any others). They are independent data controllers for the data you exchange with them.

What chithi.org collects

The chithi.org website is a static documentation site hosted on GitHub Pages. It does not run server-side code under our control, does not set tracking cookies, and does not include analytics scripts. GitHub may log standard request metadata such as IP address and user agent for the underlying GitHub Pages service: see GitHub's privacy statement for what GitHub does with that data.

The page at chithi.org/oauth/zoom is a static OAuth redirect helper that runs entirely in your browser. It receives a Zoom authorization code in the URL and forwards it to the Chithi desktop app on your own machine. The code is not transmitted to any server we operate.

Your rights

Under GDPR and UK GDPR you have the following rights with respect to personal data a controller holds about you:

  • Right of access: to request a copy of the personal data held about you.
  • Right to rectification: to ask the controller to correct inaccurate or incomplete personal data.
  • Right to erasure, sometimes called the right to be forgotten: to ask the controller to delete personal data held about you.
  • Right to restriction of processing: to ask the controller to limit how it uses your personal data.
  • Right to data portability: to receive a machine-readable copy of personal data you have provided.
  • Right to object: to object to processing carried out on the basis of legitimate interests or for direct marketing.
  • Right to withdraw consent at any time, where processing relies on consent.
  • Right to lodge a complaint with a data-protection supervisory authority. In Sweden this is the Integritetsskyddsmyndigheten (IMY).

Because Chithi the application processes your data only on your own device, you can exercise these rights for that data by using the application itself: removing accounts, clearing the local cache, or uninstalling the app removes the corresponding data from your device.

To exercise rights against data held by your mail, calendar, contacts, or video-conferencing provider, please contact that provider directly. They are the data controller for the data you exchange with them through Chithi.

How to contact us

For privacy questions or to exercise any of the rights listed above against personal data the Chithi authors hold (for example, in correspondence we have received from you), please open an issue at github.com/SUNET/chithi/issues or contact the maintainers through the contact information in the project repository.