Last updated: Feb 27, 2026
At The Inbox, we believe privacy isn’t optional — it’s a fundamental right. Our goal is to create a modern, respectful, and private email experience. We designed every part of The Inbox to ensure your data stays yours.
When you sign in using your Google Account, The Inbox requests limited access through Google OAuth to read, send, and manage your Gmail messages, and to access your Google Contacts for composing emails. We only request the minimum scopes required:
userinfo.email and userinfo.profile – to retrieve your basic account infogmail.modify, gmail.readonly, gmail.send – to fetch, draft, and send emails directly through Gmail’s APIcontacts.readonly – to show your contact suggestionsThe Inbox’s use and transfer of information received from Google APIs strictly complies with the Google API Services User Data Policy, including the Limited Use requirements. We never use or share Google data for advertising.
The Inbox temporarily stores your access token (securely encrypted) to fetch your emails in real time — directly from Google’s servers. We may also store your Google ID, name, email address, and profile photo in our secure database to manage your session.
This information is securely managed using Firebase. No email messages, attachments, or contact data are stored on our servers; they are fetched directly and shown to you in real time.
All communication between The Inbox and Google’s APIs is protected using HTTPS and OAuth 2.0. Your session tokens are stored in encrypted, HTTP-only cookies — inaccessible to client-side scripts or third parties.
You can disconnect The Inbox from your Google account at any time via your Google Account’s “Security” settings. Once disconnected, The Inbox immediately loses all access to your data.
If you have any questions or privacy concerns, please reach out at sendtohemendra@gmail.com. We’re committed to transparency and user trust.