Privacy Policy

Last Updated: November 7, 2025

1. Introduction

Clean Inbox ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we handle your data when you use our email analysis service. We analyze your Gmail messages to identify junk emails but we do not store, sell, or market your email data.

2. Information We Process

2.1 Email Data

When you authorize Clean Inbox to access your Gmail account, we temporarily process:

  • Email metadata (sender, subject, date, size)
  • Email content (for categorization purposes only)
  • Email headers and technical information

Important: We process this data in real-time and DO NOT store your email content on our servers. All analysis happens temporarily in memory and email content is discarded immediately after processing.

2.2 Message IDs for Deletion Review

When you select emails for deletion, we store only the message IDs (unique identifiers) for a one-week review period. We DO NOT store the email content, subject, sender, or any other email data—only the message IDs needed to execute the deletion request.

2.3 Authentication Data

  • OAuth access tokens (temporary, used only for API authentication)
  • Your email address (for authentication purposes only)

3. How We Use Your Information

We use your information solely to:

  • Analyze and categorize your emails as junk or important
  • Display analysis results to you in real-time
  • Authenticate your access to the Gmail API
  • Provide you with storage usage statistics
  • Delete emails you select, after a one-week review period
  • Send automated notifications before and after deletion

We DO NOT:

  • Store your email content on our servers (only message IDs during review period)
  • Sell or share your email data with third parties
  • Use your email data for marketing purposes
  • Read your emails for any purpose other than the analysis you request
  • Delete emails without your explicit selection and confirmation

4. Data Storage and Retention

Minimal Storage Model: Clean Inbox operates on a minimal-storage model. Your email content is processed in real-time and immediately discarded. We do not maintain any databases containing your email content or metadata.

Message ID Storage: When you select emails for deletion, we store only the message IDs (unique identifiers, not email content) for up to one week. This allows you to review and cancel deletion requests during the review period. After deletion is executed or cancelled, message IDs are immediately removed from our servers.

Session Data: OAuth tokens are stored only in your browser's session storage and are deleted when you close your browser or log out.

5. Gmail API Compliance

Clean Inbox's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we comply with:

  • Limited Use: We only request the minimum necessary permissions to provide our service
  • No data transfer to third parties (except as required for service functionality)
  • Transparent disclosure of how we use your data
  • Secure handling of all user data
  • No human access to your email content

6. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have certain data protection rights under the General Data Protection Regulation (GDPR):

  • Right to Access: Request copies of your personal data (though we don't store any)
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Request transfer of your data
  • Right to Object: Object to our processing of your data

Legal Basis for Processing: We process your data based on your explicit consent (OAuth authorization). You may withdraw consent at any time by revoking Clean Inbox's access in your Google Account settings.

Data Controller: Since we do not store your data, we act as a data processor only during the active session.

7. California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information (we don't sell data)
  • Right to access your personal information
  • Right to equal service and price

8. Security Measures

We implement industry-standard security measures to protect your data:

  • OAuth 2.0 authentication with secure token handling
  • HTTPS encryption for all data transmission
  • No server-side storage of email content
  • Automatic session expiration
  • Regular security audits and updates

9. Third-Party Services

Clean Inbox uses the following third-party services:

  • Google Gmail API: To access and analyze your emails (with your authorization)
  • Google OAuth 2.0: For secure authentication

We do not share your data with any other third parties for marketing or analytics purposes.

10. Children's Privacy

Clean Inbox is not intended for use by children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

11. International Data Transfers

Your data may be processed in countries other than your own. Since we don't store data, this only applies during active processing sessions. We ensure adequate safeguards are in place for any international data transfers in compliance with GDPR and other applicable laws.

12. Cookies and Tracking

Clean Inbox uses minimal cookies and local storage only for:

  • Session management (OAuth tokens)
  • Maintaining your login state

We do not use cookies for advertising, analytics, or tracking purposes.

13. Your Rights and Choices

You have the following rights:

  • Revoke Access: You can revoke Clean Inbox's access to your Gmail at any time through your Google Account settings
  • Data Deletion: Close your session to remove all temporary data. Message IDs scheduled for deletion are automatically removed after the review period
  • Cancel Deletion: During the one-week review period, you can log back in and cancel any scheduled deletions
  • Opt-Out: Simply stop using the service to discontinue data processing

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. Continued use of Clean Inbox after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: privacy@cleaninbox.com

Data Protection Officer: dpo@cleaninbox.com

For GDPR-related inquiries, EU users can contact our Data Protection Officer directly.

By using Clean Inbox, you acknowledge that you have read and understood this Privacy Policy and agree to its terms.