Privacy Policy

Last updated: Feb 27, 2026

Your privacy matters.

At The Inbox, we believe privacy isn’t optional — it’s a fundamental right. Our goal is to create a modern, respectful, and private email experience. We designed every part of The Inbox to ensure your data stays yours.

What we don’t do

  • We do not store your emails or message content on our servers.
  • We do not read your emails — all content stays between you and Google’s Gmail API.
  • We do not sell or share any personal information with advertisers, data brokers, or third parties.
  • We do not send background requests or track you across the internet.

Google account information

When you sign in using your Google Account, The Inbox requests limited access through Google OAuth to read, send, and manage your Gmail messages, and to access your Google Contacts for composing emails. We only request the minimum scopes required:

  • userinfo.email and userinfo.profile – to retrieve your basic account info
  • gmail.modify, gmail.readonly, gmail.send – to fetch, draft, and send emails directly through Gmail’s API
  • contacts.readonly – to show your contact suggestions

The Inbox’s use and transfer of information received from Google APIs strictly complies with the Google API Services User Data Policy, including the Limited Use requirements. We never use or share Google data for advertising.

What we do collect

The Inbox temporarily stores your access token (securely encrypted) to fetch your emails in real time — directly from Google’s servers. We may also store your Google ID, name, email address, and profile photo in our secure database to manage your session.

This information is securely managed using Firebase. No email messages, attachments, or contact data are stored on our servers; they are fetched directly and shown to you in real time.

Data security

All communication between The Inbox and Google’s APIs is protected using HTTPS and OAuth 2.0. Your session tokens are stored in encrypted, HTTP-only cookies — inaccessible to client-side scripts or third parties.

Your control

You can disconnect The Inbox from your Google account at any time via your Google Account’s “Security” settings. Once disconnected, The Inbox immediately loses all access to your data.

Contact us

If you have any questions or privacy concerns, please reach out at sendtohemendra@gmail.com. We’re committed to transparency and user trust.