Recipient Guard — Privacy Policy
Last updated: 15 July 2026
Recipient Guard is a Microsoft Outlook add-in that warns you at send time when
a recipient looks like it may have been chosen incorrectly (for example, picked
from AutoComplete). It is provided by RecipientGuard Ltd,
registered in England and Wales (company number 17168880). This policy explains
what the add-in accesses and how that information is handled.
The short version
- There is no Recipient Guard server. The add-in has no
backend of its own. It does not send your data to us or to any third party.
- All recipient analysis runs locally, inside Outlook, on
your device.
- The only data the add-in stores is a small list of your frequent contacts
and your chosen exceptions, kept inside your own Microsoft 365
mailbox.
What the add-in accesses
- Recipients of the message you are composing (To, Cc, Bcc)
and their email addresses and display names — read at send time to check for a
likely wrong recipient.
- Your Microsoft 365 profile (Microsoft Graph
User.Read) — to determine your own email address and organisation
domain, so internal recipients aren't flagged as external.
- Your frequently-contacted people (Microsoft Graph
People.Read) — the display names and email addresses of people you
email often, used to recognise when a recipient differs from the address you
normally use for that person. This is requested only when you turn on
Smart detection, and Microsoft asks for your consent first.
What is stored, and where
- A compact list of your frequent contacts (name + email) is cached in
Office roaming settings, which are stored within your own
Microsoft 365 mailbox by Microsoft. It never leaves your Microsoft 365
environment.
- Addresses you mark as "Don't warn about this address" (your
whitelist) are stored the same way.
- The add-in keeps no logs and performs no analytics or tracking.
What is not done
- Message bodies and attachments are never read.
- No recipient data, contact data, or message content is transmitted to the
developer or any third party.
- Your information is never sold, shared, or used for advertising.
Data controlled by Microsoft
The add-in runs inside Microsoft Outlook and uses Microsoft Graph and Office
storage. Microsoft's handling of that data is governed by the
Microsoft Privacy
Statement. You can review or revoke the permissions you granted at
myapps.microsoft.com.
Retention and removal
The cached contact list and whitelist remain in your mailbox's roaming
settings until you remove the add-in or clear its settings. Removing the add-in
stops all access; revoking consent at myapps.microsoft.com ends the Graph
permissions.
Contact
Questions about this policy: support@recipientguard.co.uk.