Skip to main content
Inbox Imp Logo

Privacy Policy

Inbox Imp

Last Updated: July 4, 2026

Introduction

Inbox Imp ("we", "our", or "the Service") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered email organization service for Gmail.

What We Do

Inbox Imp helps you automatically organize your Gmail inbox using AI-powered classification. We read your emails, analyze them, and apply labels to help you prioritize and manage your inbox more efficiently.

Information We Collect

Gmail Data

  • Email Messages: Subject lines, sender information, message body content, metadata (dates, labels, etc.)
  • Gmail Labels: Existing labels and labels we create
  • Message IDs: Unique identifiers to track which emails we've processed
  • Account Information: Your Gmail email address

Account Data

  • Google Account email address (used for authentication)
  • OAuth access tokens (stored in an access-controlled database with row-level security; at-rest encryption is being rolled out)
  • Classification preferences and custom criteria you set

Payment Information

Payments are processed entirely by Stripe, which tokenizes payment details. We do not receive or store your card details. We store your subscription status, credit balance, and transaction history.

How We Use Your Information

Primary Uses

  • Email Classification: We analyze email content to determine appropriate labels and actions
  • Label Management: We apply labels to your Gmail messages based on AI classification
  • Service Improvement: We store classification decisions to learn and improve accuracy over time
  • User Interface: We display summaries and classifications in the web console

AI Processing

We send email subject lines and message bodies to our AI provider, OpenRouter, for classification. OpenRouter analyzes that content to determine the appropriate category and action.

What We DO NOT Do

  • Share your emails with third parties for marketing purposes
  • Sell your data to anyone
  • Use your emails for advertising
  • Read emails outside the scope of classification
  • Access emails without your explicit authorization

Data Storage and Security

What We Store

  • Classification Results: Decisions about which label to apply and why (stored in our Supabase database)
  • Message Summaries: AI-generated summaries for your reference
  • Body Previews: Short excerpts of email content, along with subject and sender, kept to power in-app search
  • Highlights: A few verbatim key sentences copied from an email, plus brief AI commentary, used to show you why an email matters and what to do about it
  • Search Embeddings: Vector embeddings (numerical representations of email content) built from the subject, sender, summary, and body preview to enable semantic search
  • OAuth Tokens: Access tokens to maintain authorized access, held in an access-controlled database (at-rest encryption is being rolled out)
  • Custom Criteria: Your classification rules and preferences

What We DO NOT Store

  • Email message bodies beyond the first ~2,000 characters (up to roughly the first 2,000 characters of each message is retained as a body preview to power in-app search — which may be the entire body for short messages — while the remainder is processed in memory only)
  • Email attachments
  • Contact lists
  • Unprocessed email content

Security Measures

  • All data transmitted using HTTPS/TLS encryption
  • OAuth tokens stored in an access-controlled database with row-level security; at-rest encryption is being rolled out and is partially in place
  • Any OpenRouter API key you provide is encrypted at rest; we keep only the last four characters as a plain hint
  • Supabase database with row-level security
  • Access logs maintained for security monitoring
  • Regular security updates and patches
  • No storage of passwords (OAuth-only authentication)

Data Retention

  • Classification Decisions: Kept until you delete them manually or revoke access
  • Email Content: Up to roughly the first 2,000 characters of each message body is retained as a preview to power in-app search (this may be the entire body for short messages); the remainder is processed only temporarily in memory
  • OAuth Tokens: Stored until you revoke access or delete your account
  • Mailbox Data: Deleted within 30 days after you remove your account or request deletion
  • Billing Records: Subscription status, credit balance, and transaction history may be retained as required for accounting and legal purposes

Third-Party Services

We use the following third-party services:

Google Gmail API

Used to access your Gmail messages. Subject to Google's Privacy Policy.

OpenRouter API

AI service used to classify email content. We send email subject lines and message bodies to OpenRouter for analysis.

Supabase

Database service used to store classifications, message metadata, encrypted OAuth tokens, and search embeddings. Subject to Supabase Privacy Policy.

Google Cloud Platform

Used to host the Service and deliver Gmail notifications through Pub/Sub. Subject to GCP Privacy Notice.

Stripe

Payment processor for memberships and credit purchases. When you pay, Stripe processes your name, email address, payment method, and billing address. Subject to Stripe's Privacy Policy.

Apple Push Notification service (APNs)

Used only if you install the Inbox Imp iPhone app and turn on notifications. When a new email is kept for you, we send Apple the sender name, the subject line, and a short excerpt of that email — the assistant's one-line summary when one is available, otherwise a snippet of the message content — so it can be delivered to your device as a notification. No push data is sent otherwise. Subject to Apple's Privacy Policy.

Your Rights and Choices

Access and Control

  • Revoke Access: Visit Google Account Permissions and remove "Inbox Imp"
  • View Classifications: Access all classification decisions via the web console
  • Delete Data: Contact us to request complete data deletion
  • Export Data: Request a copy of your classification data
  • Modify Preferences: Update classification criteria at any time

Data Deletion

To delete your data:

  1. Remove any added or linked inboxes yourself from the Accounts page in the application; this deletes that inbox's stored data (its messages, search index, tokens, policies, and related records)
  2. To delete your primary account, email us at support@inboximp.com to request full account deletion
  3. You may also revoke access at Google Account Permissions
  4. We will delete your mailbox data within 30 days; billing records may be retained as described under Data Retention

Children's Privacy

Our Service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

International Data Transfers

Your data may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers in compliance with applicable data protection laws.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by:

  • Updating the "Last Updated" date at the top of this policy
  • Sending an email notification to your Gmail address (for material changes)
  • Displaying a notice in the application

Continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:

  • Email: support@inboximp.com
  • Privacy Requests: privacy@inboximp.com

Google API Services User Data Policy

Inbox Imp's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.

Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for processing your personal data is:

  • Consent: You have given explicit consent by authorizing our app via Google OAuth
  • Contract: Processing is necessary to provide the email organization service
  • Legitimate Interest: To improve and maintain our services

California Privacy Rights (CCPA)

California residents have specific rights regarding their personal information:

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to request deletion of personal information
  • Right to opt-out of the sale of personal information (we do not sell data)
  • Right to non-discrimination for exercising CCPA rights

To exercise these rights, contact us at privacy@inboximp.com.

Home Terms of Service Contact

© 2026 Inbox Imp. All rights reserved.