OutreachMerge

Privacy Policy

Last updated: June 27, 2026

The short version: OutreachMerge runs entirely inside your own browser. It signs into your Microsoft account and sends email from your own mailbox. Your Microsoft sign-in token and your recipient lists are stored locally on your device. OutreachMerge does not operate a server that receives your contacts, your email content, or your credentials, and we do not sell your data.

1. Who we are

OutreachMerge ("OutreachMerge", "we", "us") is a Chrome browser extension that performs mail merge for Microsoft Outlook and Microsoft 365. You import a CSV of recipients, personalize a message with {{merge_fields}}, and send it from your own mailbox through the official Microsoft Graph API. This policy explains exactly what data the extension touches and where it lives.

2. The core principle: local-only by design

OutreachMerge is a client-side tool. All of its working logic runs inside the extension on your computer. There is no OutreachMerge application server in the data path. When you send an email, the extension calls Microsoft Graph directly from your browser using your own access token — the message goes from you, to Microsoft, to your recipient. It does not pass through us.

3. What data the extension handles, and where it is stored

Data	Where it lives	Why
Your Microsoft access & refresh token, and basic profile (name and email address returned by Microsoft's `/me` endpoint)	Locally, in `chrome.storage.local` on your own device	So the extension can send mail from your mailbox and keep you signed in without asking you to re-authenticate constantly.
Your recipient lists (the CSV you import) and your campaign drafts (subject, body, merge fields)	Locally, in `chrome.storage.local` on your own device	So you can build, preview, and run a merge.
Send logs and per-day quota counts	Locally, in `chrome.storage.local` on your own device	To show send progress, errors, and how many of your daily sends remain.
Your settings (Azure client ID, rate limits, unsubscribe text, tracking endpoint)	Locally, in `chrome.storage.local` on your own device	To configure how the extension connects and sends.

We never receive any of the above. Your token, your contacts, your message content, and your settings stay on your device in your browser's local extension storage. OutreachMerge has no backend database that stores them.

4. How sign-in works

OutreachMerge signs you in using Microsoft's standard OAuth 2.0 Authorization Code flow with PKCE (a public client, with no secret). You authenticate on Microsoft's own pages at login.microsoftonline.com; OutreachMerge never sees your password. Microsoft returns an access token and refresh token to the extension, which are stored locally as described above. We request only the scopes the product needs:

openid, profile — to identify which account you signed in as.
User.Read — to read your own basic profile (your name and email), shown in the panel.
Mail.Send — to send mail from your mailbox.
offline_access — to refresh your session silently so you stay signed in.

5. How email is sent

When you run a merge, the extension personalizes each message locally and posts it to https://graph.microsoft.com (Microsoft Graph) using your access token, from your own account. Sending is rate-limited and a clear unsubscribe footer is appended by default. Microsoft processes and delivers the mail under your Microsoft account and Microsoft's own terms and privacy policy.

6. Open-tracking pixel (off by default)

OutreachMerge can optionally insert a 1×1 open-tracking pixel into HTML emails. This feature is off by default. OutreachMerge does not run or host any tracking server. If you choose to enable tracking, you must supply your own HTTPS endpoint; the pixel points at your endpoint, and the open event is recorded by you, not by us. We receive no open data. If you never enable it, no pixel is ever added.

7. Payments (ExtensionPay)

The optional Pro upgrade is handled by ExtensionPay, a third-party payment processor for browser extensions, which uses Stripe to process payments. When you choose to upgrade, ExtensionPay (and Stripe) handle your payment details and subscription status directly — OutreachMerge never sees or stores your card information. The extension only asks ExtensionPay whether your account is currently paid, in order to unlock Pro features. If you never upgrade, ExtensionPay is not contacted for billing. See ExtensionPay's own privacy policy at extensionpay.com/privacy.

8. Hosts the extension contacts

login.microsoftonline.com — Microsoft sign-in and token refresh.
graph.microsoft.com — read your profile and send your mail.
api.extensionpay.com — check Pro status / open checkout (only if you use Pro).

These are the only hosts the extension is permitted to contact, and each is used solely for the purpose above.

9. What we do not do

We do not sell, rent, or share your data with anyone.
We do not transmit your contacts, recipient lists, message content, or credentials to OutreachMerge servers (we operate none in the data path).
We do not run analytics or advertising trackers inside the extension.
We do not build profiles of you or your recipients.

10. Your control and data deletion

Because everything is stored locally, you are in full control:

Sign out in the extension to clear your stored Microsoft tokens.
Delete a campaign to remove its recipient list and draft from local storage.
Uninstall the extension to remove all of its local data (tokens, recipients, campaigns, logs, settings) from your device.

To revoke OutreachMerge's access to your Microsoft account entirely, you can also remove it from your Microsoft account's connected-apps page at myapps.microsoft.com.

11. Children

OutreachMerge is a business productivity tool and is not directed at children under 13.

12. Changes to this policy

If we change this policy, we will update the date above and post the new version at this URL before the change takes effect.

13. Contact

Questions about privacy? Email krishnakumarikajal@gmail.com