Privacy Policy

1. What we collect

InboxClean only accesses your Gmail email headers — specifically the From, Subject, List-Unsubscribe, and Date fields. We never read the body or content of your emails. We store the following data to operate the service:

• Name and email address — to identify your account
• OAuth tokens — to authenticate API calls and enable weekly auto-clean for Pro users
• Unsubscribed sender IDs — to avoid showing senders you've already unsubscribed from in future scans
• Inbox Shield filters (Pro) — sender emails you've chosen to block permanently
• Weekly usage count and plan status — to enforce free tier limits and track Pro subscriptions

2. How we use your data

We use your Gmail access solely to scan for subscription emails and to perform unsubscribe actions on your behalf. We do not use your data for advertising, to train machine learning models, to build user profiles, or for any purpose beyond providing the core InboxClean service directly to you.

3. Gmail API usage

InboxClean uses the Gmail API with the following scopes:

• gmail.modify — to read email headers (From, Subject, List-Unsubscribe, Date), identify subscriptions, and move unwanted emails to trash. We never access email body content.

Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. InboxClean does not transfer Google user data to third parties except as necessary to provide and improve user-facing features of the service.

4. Data sharing

We never sell, rent, or share your personal data or Gmail data with third parties for their own purposes. Data is shared only with the following service providers who help us operate InboxClean:

• Supabase — database hosting (stores account data described above)
• Railway — application hosting
• Stripe — payment processing for Pro subscriptions — we never see your full card number

5. Data retention & deletion

We do not store your emails or email content. We retain OAuth tokens for as long as your account is active so Pro users can receive weekly automatic cleaning. You can revoke access at any time via your Google account permissions. To request full deletion of your InboxClean account and all associated data, email support@inboxclean.email — we will process your request within 7 days.

6. Security

All data is transmitted over HTTPS. OAuth tokens are stored encrypted in a secured database and are never exposed publicly. We use row-level security to isolate user data. We do not log email content. If you discover a security vulnerability, please contact us at support@inboxclean.email.

7. Children's privacy

InboxClean is not directed at children under 13 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

8. Your rights

You have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Revoke Google OAuth access at any time via Google Account Permissions
• Data portability — request an export of your data

9. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on the site. The “Last updated” date at the top reflects the most recent revision. Continued use of InboxClean after changes constitutes acceptance of the updated policy.

10. Contact

Questions about this Privacy Policy? Email us at support@inboxclean.email.