Privacy Policy

Kyocera Scanner SMTP Relay — smtp.kyocerascanner.com
Last updated: May 31, 2026

1. What This Service Does

The Kyocera Scanner SMTP Relay ("Service") enables office copiers and scanners that support only SMTP to send scanned documents via email through authenticated Microsoft 365 and Google Gmail accounts, as well as through the kyocerascanner.com domain directly. The Service is operated by Carrel's Office Solutions.

2. Information We Collect

When you connect a Microsoft or Google account to this Service, we collect and store:

  • OAuth tokens (access token and refresh token) — used solely to send email on your behalf
  • Email address — the email address associated with the connected account
  • SMTP credentials — a username and hashed password for copier authentication

We also log the following for each email sent through the relay:

  • Timestamp
  • Sender and recipient email addresses
  • Success or failure status

3. Information We Do NOT Collect or Store

  • Email content — message bodies, subjects, and attachments are relayed in real time and never stored
  • Scanned documents — files pass through the relay and are not saved to disk
  • Contact lists or mailbox contents — we do not read, access, or store any email beyond what is submitted for sending

4. How We Use Your Information

  • OAuth tokens: Used exclusively to authenticate with Microsoft Graph API or Gmail API to send email on your behalf. Tokens are encrypted at rest using AES-256-GCM.
  • Email address: Used to send you notifications if your OAuth token expires and needs re-authentication.
  • Audit logs: Used for troubleshooting, abuse prevention, and service monitoring. Logs are retained for the lifetime of your account.

5. Third-Party Services

This Service integrates with the following third-party services to send email on your behalf:

  • Microsoft Graph API — for Microsoft 365 / Outlook accounts. Subject to Microsoft's Privacy Statement.
  • Gmail API — for Google / Gmail accounts. Subject to Google's Privacy Policy.
  • Postfix MTA — for direct sends from @kyocerascanner.com addresses. Emails are sent directly from our server with no third-party intermediary.

6. Google API Services User Data Policy

This application's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only request the gmail.send scope — the minimum permission needed to send email
  • We do not use Google user data for advertising, market research, or any purpose unrelated to sending email
  • We do not share Google user data with third parties except as necessary to send the email
  • Humans do not read user email content unless required for security purposes, with user consent, or to comply with law

7. Data Security

  • All SMTP connections require STARTTLS (TLS 1.2+)
  • OAuth tokens are encrypted at rest with AES-256-GCM
  • SMTP passwords are stored as bcrypt hashes
  • The admin panel is served over HTTPS with a valid Let's Encrypt certificate
  • Failed authentication attempts trigger automatic account lockout
  • The service runs on a hardened VPS with firewall rules restricting access

8. Data Retention and Deletion

Your data is retained for as long as your account is active. To delete your account and all associated data (OAuth tokens, credentials, audit logs), contact your administrator or request deletion at the email below. Upon deletion, all stored data is permanently removed.

9. Revoking Access

You can revoke this application's access to your account at any time:

10. Contact

For questions about this privacy policy or to request data deletion:

Carrel's Office Solutions
Email: info@carrels.com