Privacy Policy
Last updated: June 2026
InboxAI ("we", "our", "us") is a Chrome extension that organizes your Gmail inbox. This page explains exactly what data the extension collects, why, and where it goes.
1. What we collect
- Your Gmail address: used to identify your account, track your daily scan usage, and check your subscription status.
- A Google authorization token: created when you sign in. It's stored in our database so the extension can read and label your Gmail without asking you to sign in on every scan. It is never visible to us as a readable password — it's an access token issued by Google.
- Email metadata, only while a scan is running: subject line, sender address, a short preview snippet, and two headers (List-Unsubscribe, Precedence). This is used in memory to decide how to label each email and is not written to our database.
- Basic usage data: how many scans you've used today, and whether your account is free or premium.
- Payment confirmation: if you upgrade, your email address is shared with our payment processor (Razorpay) to link the payment to your account. We never see or store your card or UPI details.
We do not read, store, or retain the full body or content of your emails at any point.
2. How we use it
- To classify emails into labels (Promotions, Newsletters, Security, Finance, and so on) when you click Scan.
- To apply or remove Gmail labels and archive emails you choose to clean up.
- To show you inbox analytics — clutter score, phishing count — for that scan only.
- To enforce free-tier scan limits and track premium status.
- If you're on Premium and tap "Explain this email" on a specific flagged email, that email's subject, sender, and preview snippet are sent to OpenAI to generate a plain-English explanation. This only happens for the one email you ask about, and only when you ask.
3. Third-party services we use
- Google OAuth / Gmail API: for signing you in and reading/labeling your Gmail.
- Supabase: our database provider, where your email address, authorization token, and account/usage status are stored.
- Razorpay: our payment processor, for handling subscription payments.
- OpenAI: only for Premium users who request an explanation of a specific flagged email, and only for that email's metadata.
We do not sell your data, and we do not share it with advertisers.
4. Data security
- All traffic between the extension and our server is sent over HTTPS.
- Your authorization token is stored in our database, which is encrypted at rest by our hosting provider.
- Access to the database is restricted to our backend service — it isn't publicly readable.
- We do not store your email content permanently, under any circumstance.
5. Your rights
- You can revoke InboxAI's access to your Gmail at any time from your Google Account permissions page.
- You can request deletion of your account data — including your authorization token and usage history — by emailing us below.
6. Changes to this policy
If what we collect or how we use it changes, we'll update the date at the top of this page.
7. Contact
Email: yagnamurthynikhilesh@gmail.com