Privacy Policy
Last updated: 23 April 2026
1. Who we are
InboxZero ("InboxZero", "we", "us") is a private-beta email management tool operated from the United Kingdom. Our service helps you categorise, search, and act on messages in your own Gmail or Microsoft 365 mailboxes.
Contact: privacy@inboxzero.vista.inum.com
2. What data we process
- Account data — your name and email address, used to log you in.
- OAuth tokens — encrypted access and refresh tokens for the mailbox providers you connect (Google, Microsoft).
- Email metadata — sender, recipients, subject, date, thread identifier, labels, message identifiers.
- Email content — plain-text body, HTML body, snippet, and attachments. Attachments are fetched on demand from the provider when you download them.
- AI output — category, importance score, summary, and extracted structured data (e.g. invoice fields) for each message.
- Interaction data — which emails you opened, starred, archived, deleted; tasks you created; drafts you saved.
- Outbound tracking — when you explicitly enable tracking on an outbound message, we record open events (via a 1×1 pixel) and link click events. Recipients can opt out via a footer link included in every tracked message.
- Technical logs — IP address (hashed), user agent, timestamps of authenticated requests, error events.
3. Why we process it
- To provide the service — showing you your inbox, enabling reply/forward/send, running search, generating daily briefings.
- To classify and summarise — we submit message text to an AI model (Anthropic Claude, or a proxy you configure such as LiteLLM) to assign a category, importance score, and short summary.
- To extract structured information — invoice PDFs are parsed and a JSON representation is saved for export.
- To sync with your mailbox — we read your inbox via the provider API on a schedule you control.
- To secure the service — detect abuse, rate-limit, maintain audit logs.
Lawful bases under UK GDPR: performance of a contract (delivering the service you signed up for) and legitimate interest (security and service improvement).
4. AI processing
Email content is sent to an AI model for classification and summarisation. By default this is Anthropic's Claude API (processed in the EU). You may configure a different endpoint (e.g. a self-hosted LiteLLM proxy, or a local model via Ollama) in Settings → AI models. When you do, your email content flows to that endpoint instead.
We do not train any model on your mailbox content, and we contractually require the same of our AI provider (Anthropic's standard terms include no training on API content).
5. Sharing and third parties
We share data with:
- Your mailbox provider (Google, Microsoft) — whenever we read, label, send, or delete on your behalf.
- The AI provider you configure — email content you submit for categorisation or summary.
- Our hosting provider (the server in this deployment runs on infrastructure you control).
We do not sell data. We do not use your content for advertising or to benefit third parties.
6. Retention
- Email metadata and content are retained until you delete the message or disconnect the provider account.
- Soft-deleted emails are purged from our database 24 hours after deletion (and from your provider in the same action).
- Daily backups are retained for 30 days, then destroyed.
- Technical logs and audit events are kept for 90 days.
7. Your rights
Under UK/EU data protection law you may:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Export a copy of your data.
- Delete your account and all associated data.
- Disconnect any mailbox at any time, which removes our OAuth tokens and stops further syncing.
- Withdraw consent for AI processing by disabling AI features in settings.
Email privacy@inboxzero.vista.inum.com to exercise any of these rights.
8. Security
- All traffic is served over TLS.
- OAuth tokens are encrypted at rest using Laravel's application key.
- Passwords are hashed with bcrypt.
- Access to the production database is restricted.
We report serious breaches to the UK ICO within 72 hours and, where required, to affected users.
9. International transfers
Servers are located in the United Kingdom. AI processing (via Anthropic) routes to the European Union. If you configure a third-party AI endpoint, transfers will depend on that provider's infrastructure.
10. Google API Services limited-use disclosure
InboxZero's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use your Gmail data for features you have requested and enabled (inbox display, categorisation, send, unsubscribe, invoice extraction).
- We do not transfer Gmail data to third parties unless it is necessary to provide the feature you requested.
- We do not use Gmail data for advertising or to train generalised AI models.
- Humans do not read your Gmail data except for explicit diagnostic requests you raise with us.
11. Changes
We will notify registered users of material changes to this policy by email. Minor clarifications may be made without notice; the "Last updated" date above reflects any change.