1. Who we are
InboxAgents ("we", "us", "our") provides an AI‑assisted unified inbox that helps you triage, summarize, and reply to messages across channels. Contact: cam@inboxagents.ai. Mailing address: 19 Whittle Road, East Rockingham, WA 6168, Australia. 2. What this policy covers
This policy explains what we collect, how we use and share it, your choices, and how we comply with Google's API policies when you connect a Google account.
3. Data we collect
Account & contact data. Name, email, login identifiers, preferences, and support communications.
Billing data. If you subscribe, payment info is processed by our payment provider (e.g., Stripe).
Technical data. Device, log, and diagnostic information necessary to operate and secure the service.
Message data from connected services. When you connect third‑party accounts (e.g., Google, Slack, LinkedIn), we process message content and metadata needed to provide features you enable.
Google user data (if you connect Google):
We request the minimum scopes required for the features you choose. Depending on your selection, these may include:
Basic profile/email (openid, email, profile) to identify your account.
Gmail (restricted scopes) such as:
gmail.readonly – read messages/metadata to triage, summarize, and surface priorities;
gmail.send – send replies you approve;
gmail.modify – apply labels or mark as read/unread as you direct.
We don't request other Gmail scopes unless a feature clearly needs them, and we'll ask in context before doing so.
4. How we use data
Provide core features: unified inbox, search, sorting/labels, alerts, daily briefings, and approved sending.
AI assistance: on‑device/in‑cloud machine learning generates summaries, classifications, and reply suggestions to improve your productivity (e.g., "generative AI summaries").
Operations & safety: troubleshooting, preventing abuse, analytics to improve reliability and UX.
Legal: comply with law and enforce terms.
5. AI processing and your Google data
We do not use Google user data to train generalized AI or LLMs, and we do not use it for ads. This is prohibited by Google policy.
Human access to Google user data is not allowed except (i) with your explicit request/consent (e.g., support you initiate), (ii) to investigate security/abuse, or (iii) to comply with law. We log and limit such access.
If we ever offer optional, per‑account personalization (e.g., fine‑tuning a model solely for your account), we will present a separate, explicit consent flow in‑product that explains what is used and how you can opt out at any time.
6. Storage & retention
Message content (including Gmail) is stored only to provide the features you enable in your unified inbox and is deleted when you delete it in InboxAgents or disconnect the account.
Derived data (classifications, summaries, embeddings, and logs) is retained for up to 30 days by default to support features and troubleshooting, then deleted or anonymized unless you choose longer retention inside settings.
Backups are kept for a limited period and then purged on a rolling basis.
7. Sharing & transfers
We do not sell personal data or use Google user data for advertising. We share data only with:
Service providers / subprocessors (e.g., cloud hosting, database, logging, customer support, AI model providers) under contract, solely to deliver the service;
Legal recipients when required by law; and
Change of control (merger/acquisition) with prior notice and continued protection.
Any processing of Google user data by providers must comply with Google's Limited Use requirements.
8. Your choices & controls
Disconnect Google: you can disconnect your Google account in InboxAgents at any time. You can also revoke our access from your Google Account's security settings ("Third‑party apps with account access").
Deletion: you can delete messages, derived data, or your account from within the product or by contacting us; we will also delete Google data we store when you disconnect.
Access/rectification/portability/objection: contact us to exercise your rights. EU/EEA residents also have GDPR rights.
9. Security
We use industry‑standard protections, including encryption in transit and at rest, access controls, and monitoring. No system is perfectly secure, but we continually improve our safeguards.
10. Children
InboxAgents is not directed to children. We do not knowingly collect data from children without appropriate consent.
11. International transfers
When transferring data internationally, we apply appropriate safeguards consistent with applicable law.
12. Changes
We'll post updates here and indicate the revised date. Material changes will be communicated in‑product or by email.
13. Google API Services disclosure
InboxAgents' use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
