LEGAL

Privacy Policy

Effective Date: April 11, 2026

Summary

InboxCommand is an executive email command platform that connects to your Gmail and Google Calendar accounts via Google's authorized OAuth API to help you triage, prioritize, draft replies, and schedule meetings. This policy explains exactly what Google user data we access, how we use it, where it goes, how we protect it, and how you can delete it.

We never sell your data. We never train AI models on your data. Gmail remains your system of record — we never delete your emails or modify their content.

1. Google User Data We Access

When you sign in with Google, InboxCommand requests the following OAuth scopes. Each one is used only for the specific purpose described.

Gmail scopes

  • gmail.readonly — Read message metadata (sender, recipients, subject, snippet, labels, timestamps, thread structure) and message bodies for classification, scoring, AI summarization, and on-demand display.
  • gmail.modify — Apply Gmail labels, mark messages as read, archive threads, and move threads to Trash on your behalf when you click the corresponding action in InboxCommand.
  • gmail.send — Send reply emails and the InboxCommand-generated daily/weekly briefs from your own Gmail address when you click "Send" or enable the brief.
  • gmail.settings.basic — Create and modify Gmail filters and labels during the optional "Organize Gmail" onboarding step.

Google Calendar scopes

  • calendar.readonly — Read your calendar events to display today's meetings, generate pre-meeting briefs, and link related email threads to upcoming meetings.
  • calendar.freebusy — Query free/busy availability for you and meeting attendees when proposing meeting time slots.
  • calendar.events — Create new calendar events with Google Meet links and send email invitations when you confirm a meeting via the AI Meeting Scheduler.

Profile scopes

  • openid, email, profile — Retrieve your name and email address to create your InboxCommand account and personalize the interface.

2. How We Use Your Data

Google user data is used exclusively to power InboxCommand features:

  • Classification and scoring — Email metadata and snippets are analyzed by deterministic rules and AI models to assign each thread an urgency, strategic importance, financial relevance, legal risk, and relationship value score.
  • Triage and surfacing — Threads above a relevance threshold are shown in your dashboard and Today view. Noise and transactional categories are auto-filtered.
  • AI drafting — When you request a draft reply, the relevant thread content is sent to Anthropic Claude for synthesis. Drafts are returned to you for review and never sent without your explicit approval.
  • Pre-meeting briefs — Calendar events are matched against your email history to generate context briefs before meetings.
  • AI scheduling — Natural language requests are parsed by Anthropic Claude into meeting parameters; free/busy is queried via the Calendar API; you confirm a slot before the event is created.
  • Counterparty intelligence — Aggregated metadata (interaction count, response patterns) is used to build reliability and negotiation-style profiles per email address.
  • Daily and weekly briefs — If enabled, you receive a summary email sent from your own Gmail account containing decision items and stats.
  • Voice transcription — When you use the voice input feature, the recorded audio is sent to OpenAI Whisper for transcription only. The transcription is returned to you and used as input to subsequent AI processing.

We do not use Google user data for advertising. We do not train, fine-tune, or create generalized or personalized AI/ML models using your data. Google user data is never shared with third parties for any purpose other than the specific operational uses listed above.

3. Third Parties Who Receive Data

InboxCommand uses the following third-party processors to deliver the service. Each receives only the minimum data required for its function, and only at the moment it is needed. None retain your data beyond their stated processing window.

  • Anthropic (Claude API) — Receives sanitized email snippets, thread metadata, decision history, and counterparty profiles when you generate drafts, ask questions, request meeting parsing, or trigger any AI feature. Personally identifiable information (codes, tokens, API keys, credentials) is automatically redacted before transmission via our PII sanitization layer. Anthropic does not retain inputs or outputs for training per their API terms.
  • OpenAI (Whisper API) — Receives audio recordings only when you actively use the voice input feature, and only for the duration of the transcription. Audio is not stored by InboxCommand and is not retained by OpenAI per their API terms.
  • Stripe — Receives only your email address and billing information (handled directly by Stripe's checkout, never touched by InboxCommand). Stripe does not receive any Google user data.
  • Amazon Web Services (EC2) — Hosts the InboxCommand application servers and PostgreSQL database. AWS does not access your data; it only provides infrastructure under standard cloud-hosting terms.

We do not share Google user data with advertising networks, data brokers, analytics providers, or any other third party not listed above.

4. Data Storage and Protection

  • Where it lives — All InboxCommand data is stored in a PostgreSQL database hosted on AWS EC2 in the United States. Application servers run in the same region.
  • What is stored — Email metadata (sender, subject, snippet, labels, timestamps), thread classification scores, generated draft suggestions, decision history, counterparty profiles, intelligence signals, calendar event references for meeting briefs, and your account profile.
  • What is NOT stored permanently — Full email message bodies are fetched on-demand from Gmail and not persisted to our database. Audio recordings used for voice input are not stored. AI requests/responses are not logged with user-identifiable content beyond audit metadata.
  • Encryption — Google OAuth access and refresh tokens are encrypted at rest using AES-256-GCM with a server-side key. All data in transit between you, our servers, Google APIs, and third-party processors is protected by TLS 1.2 or higher.
  • Access controls — Database access is restricted to the application runtime. Administrative access requires SSH key authentication. PII sanitization is applied to all content sent to AI processors.
  • Security practices — Strict subscription gate, CSRF protection on mutating endpoints, server-side rate limiting, audit logging of every action, and explicit user authorization required for any state-changing operation.

5. Data Retention and Deletion

You remain in control of your data at all times. The following retention and deletion practices apply:

  • While your account is active — Email metadata, classification scores, decisions, counterparty profiles, and audit logs are retained for as long as your InboxCommand account exists.
  • Trashing a thread — When you click "Move to Trash" on a thread, we move the thread to your Gmail Trash via the Gmail API and delete all associated InboxCommand records (scores, summaries, drafts, predictions, alerts) immediately.
  • Account deletion — You can delete your account at any time from the in-app settings page. Account deletion triggers a full cascade delete of all your data from our database within 30 days, including profile, OAuth tokens, threads, scores, decisions, counterparty profiles, audit logs, and any cached data. Stripe subscriptions are canceled separately via the billing portal.
  • Revoking Google access — You can revoke InboxCommand's access to your Google account at any time at https://myaccount.google.com/permissions. Once revoked, we can no longer access your Gmail or Calendar.
  • Backups — Routine database backups are retained for up to 30 days for disaster recovery. Deleted user data is purged from backups within this window.
  • Manual deletion requests — If you cannot use the in-app deletion flow, email privacy@inboxcommand.io from your account email and we will process the deletion within 30 days.

6. AI Model Use and Training Disclosure

InboxCommand uses third-party AI models (Anthropic Claude for text synthesis and OpenAI Whisper for voice transcription) to power its features. We do not use Google Workspace data to develop, improve, or train any generalized or personalized AI/ML model. The third-party models we call do not retain your inputs or outputs for training purposes per their respective API terms.

Before any content is sent to a third-party AI model, our PII sanitization layer automatically redacts verification codes, OTPs, API keys, bearer tokens, and similar credentials.

7. Google API Services Limited Use Disclosure

InboxCommand's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

8. Your Rights

You have the right to:

  • Access the data InboxCommand holds about you (contact us at privacy@inboxcommand.io).
  • Request correction or deletion of your data.
  • Revoke our access to your Google account at any time.
  • Export your data on request.
  • Withdraw consent for any data processing activity.

Contact

For privacy questions, data requests, or to report a security concern, contact privacy@inboxcommand.io.

InboxCommand may update this policy from time to time. Material changes will be communicated via email or an in-app notice.