# Architecture

## Platform
iOS-first.
- Target audience skews bimodal on platform; iOS-first is more uniform in device capability and matches the product’s privacy posture.
- Apple’s privacy framing aligns with the “no data controller” stance.
- Cross-platform is a later concern. Android, when it comes, can use the same architecture with graceful degradation on cheaper devices.
## Backend
Free tier: pure client. No backend at all.
- App uses Gmail’s API directly via OAuth, with tokens stored in the iOS Keychain.
- No user account in the developer’s system — the user’s identity is their Gmail account.
- Periodic checks for new mail use `BGAppRefreshTask` (`BGTaskScheduler`). iOS opportunistically grants CPU time; the app polls Gmail and raises local notifications itself.
- No server, no data controller status for email content, no infrastructure cost.
Limitation of the free tier: iOS background refresh is opportunistic. For users who rarely open the app, refresh frequency drops, potentially to near-zero. Force-quitting the app from the switcher disables it entirely. Low Power Mode disables it. This is an accepted limitation, not a bug.
Pro tier: a dumb-relay backend, used only for push notifications.
- Backend receives Gmail Pub/Sub webhooks (“user X has new mail” — no content).
- Backend forwards a silent APNs push to the device.
- Device wakes, fetches the new mail from Gmail directly, raises a local notification.
- Backend never sees email subjects, bodies, or contents. It stores only `userID → APNs device token` mappings.
The architecture is deliberately small so that the privacy story stays defensible: the developer is a data controller only for routing metadata, never for email content.
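A worked example of the Pro-tier relay's core logic, added here as an illustration and not code from the original design doc. It decodes a Gmail Pub/Sub push delivery (whose data field carries only `emailAddress` and `historyId`), looks the user up in an assumed in-memory token store, and builds the silent APNs request (`content-available: 1`, no alert fields). The token store, the sample push body and the `relay` function name are all constructed for the example; authentication of the webhook endpoint itself (Pub/Sub's OIDC bearer token) and the actual HTTP/2 call to APNs are outside the snippet.

```python
import base64
import json

# Constructed sample: the JSON body Pub/Sub POSTs to a push subscription when
# Gmail publishes a watch notification. The decoded "data" field holds only
# the mailbox address and a history id; never a subject, sender, or body.
SAMPLE_PUSH_BODY = json.dumps({
    "message": {
        "data": base64.b64encode(json.dumps({
            "emailAddress": "alice@example.com",
            "historyId": 1234567,
        }).encode()).decode(),
        "messageId": "constructed-msg-id-1",
    },
    "subscription": "projects/example-project/subscriptions/gmail-relay",
})

# Assumed token store (hypothetical in-memory dict standing in for a real
# database): the only state the relay keeps is userID -> APNs device tokens.
TOKEN_STORE: dict[str, list[str]] = {
    "alice@example.com": ["aabbccdd" * 8],  # constructed 64-hex-char token
}

# The exact payload the relay is allowed to send: a background push with no
# user-visible fields, so the device wakes and fetches from Gmail itself.
SILENT_PAYLOAD = {"aps": {"content-available": 1}}


def parse_gmail_notification(body: str) -> tuple[str, int]:
    """Decode a Pub/Sub push delivery into (emailAddress, historyId).

    Raises KeyError/ValueError on a malformed body, so a bad delivery is
    rejected rather than silently forwarded.
    """
    envelope = json.loads(body)
    data = base64.b64decode(envelope["message"]["data"], validate=True)
    note = json.loads(data)
    return str(note["emailAddress"]), int(note["historyId"])


def build_silent_push(device_token: str) -> dict:
    """Describe the APNs request for one device.

    apns-push-type "background" and priority 5 are the values APNs requires
    for content-available pushes; the payload is a copy of SILENT_PAYLOAD.
    """
    return {
        "device_token": device_token,
        "headers": {"apns-push-type": "background", "apns-priority": "5"},
        "payload": json.loads(json.dumps(SILENT_PAYLOAD)),
    }


def relay(body: str, store: dict[str, list[str]] = TOKEN_STORE) -> list[dict]:
    """Map one Gmail notification to the list of silent pushes to send.

    Users without a registered token (free tier, or a revoked device) get
    nothing; historyId is decoded but deliberately not forwarded, keeping the
    push payload identical for every user and every notification.
    """
    email, _history_id = parse_gmail_notification(body)
    pushes = [build_silent_push(tok) for tok in store.get(email, [])]
    # Invariant: nothing from the notification reaches the push payload.
    for push in pushes:
        if push["payload"] != SILENT_PAYLOAD:
            raise RuntimeError("relay tried to send a non-silent payload")
    return pushes


if __name__ == "__main__":
    for push in relay(SAMPLE_PUSH_BODY):
        print(push["device_token"][:8] + "...", push["headers"], push["payload"])
```

The invariant check in `relay` is the point of the example: because the payload is a fixed constant rather than something assembled from the notification, the relay cannot become a data controller for email content even if Gmail's notification format grows new fields later.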
## Summarisation / intelligence
v1 has no AI. Cards show sender, subject, received time — the “dumb version.”
Future intelligence (see enhancements.md) is intended to run on-device, to avoid both per-user cloud cost and data-controller status, degrading gracefully according to device capability.
Cloud-based AI was explicitly ruled out: it introduces per-user costs that this audience won’t pay, and it forces the developer into data-controller territory for email content.