Privacy Policy

Last updated: March 2026

1. What we collect

Inbox Lightning connects to your Gmail account via Google OAuth and reads metadata only — sender address, recipient address, subject line, and timestamp. We never read, store, or process the body content of your emails.

We also store:

  • Your Google account email address and display name
  • OAuth tokens (access token + refresh token) to maintain Gmail sync
  • Thread metadata: subject, participants, timestamps, message count
  • Derived data: contact profiles, relationship scores, urgency classifications
  • Your settings preferences (timezone, work hours, VIP rules, blacklist rules)

2. How we use your data

  • To power the Inbox Lightning dashboard and priority classifications
  • To sync your Gmail inbox incrementally (hourly, within work hours)
  • To generate AI-assisted urgency analysis and reply drafts (Pro plan)
  • To send you daily digest and post-call digest emails (if enabled)
  • To compute relationship health scores and communication patterns

We never sell your data, share it with advertisers, or use it to train AI models.

3. Third-party services

  • Google APIs — Gmail metadata sync and Google Calendar (post-call digest). Governed by Google's Privacy Policy.
  • Mistral AI — Thread analysis and reply drafting (Pro plan). Only metadata snippets are sent, never full email content.
  • Stripe — Payment processing for Pro subscriptions. We never store card numbers.
  • Resend — Transactional email delivery (digests, notifications).
  • PostgreSQL (self-hosted) — All user data is stored in our own database, not a third-party data platform.

4. Data retention

Your data is retained as long as your account is active. When you delete your account, all associated data — threads, contacts, sync tokens — is permanently deleted within 30 days. You can request immediate deletion by contacting us.

5. Security

All data is encrypted in transit (HTTPS/TLS). OAuth tokens are stored encrypted at rest. We use HTTP-only signed cookies for session management. No email content ever leaves your Gmail account.

6. Your rights

You have the right to:

  • Access all data we hold about you
  • Export your data in a portable format
  • Request deletion of your account and all associated data
  • Revoke Gmail access at any time via Google Account Permissions

To exercise any of these rights, contact us at privacy@inboxclarity.io.

7. Google API Limited Use disclosure

Inbox Lightning's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

8. Changes

We may update this policy. Significant changes will be communicated by email. Continued use of Inbox Lightning after changes constitutes acceptance.

9. Contact

Questions about this policy? Contact us or email privacy@inboxclarity.io.