Privacy Policy

Effective Date: February 13, 2026 · Last Updated: February 13, 2026

1. Introduction

Inbox Pilot ("we," "us," or "our") provides an AI-powered email automation service that connects to your Gmail account to help you triage, draft, and send emails. This Privacy Policy explains how we collect, use, store, and protect your information when you use our service.

By using Inbox Pilot, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our service.

2. Information We Collect

2.1 Gmail Data (via Google APIs)

When you connect your Gmail or Google Workspace account, we access the following data through Google's OAuth 2.0 authorization:

  • Email message content (subject lines, body text, attachments metadata)
  • Email metadata (sender, recipients, timestamps, labels)
  • Draft emails
  • Gmail labels and folder structure

We use this data solely to provide the email automation features you configure, such as triaging, drafting replies, and sending emails on your behalf.

2.2 Account Information

When you contact us or sign up, we may collect your name, email address, and company name through our contact form.

2.3 Usage Data

We may collect anonymized usage data such as feature usage patterns and error logs to improve our service. This data does not include email content.

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Inbox Pilot service, including reading, categorizing, drafting, and sending emails based on your configured rules
  • Improve and develop our service based on aggregated, anonymized usage patterns
  • Respond to your inquiries and provide customer support
  • Ensure the security and integrity of our service

4. Google API Services — Limited Use Disclosure

Inbox Pilot's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only use Google user data for the purposes described in this Privacy Policy — namely, to provide and improve the email automation features you have configured.
  • We do not transfer Google user data to third parties, except as necessary to provide or improve our service, to comply with applicable law, or as part of a merger, acquisition, or asset sale with notice to users.
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read Google user data unless: (a) we have your explicit consent, (b) it is necessary for security purposes such as investigating abuse, (c) it is necessary to comply with applicable law, or (d) the data has been aggregated and anonymized and is used for internal operations.

5. Data Retention

Email content accessed through the Gmail API is processed in real-time within our secure infrastructure. We do not permanently store the content of your emails on our servers. Email data is held in memory only for the duration necessary to perform the requested automation task (such as categorizing or drafting a reply) and is then discarded.

Account information (such as your name and email address submitted through our contact form) is retained for as long as necessary to provide our service and respond to your inquiries, or until you request its deletion.

6. Data Sharing

We do not sell, rent, or trade your personal data or email content. We may share information only in the following limited circumstances:

  • Infrastructure Providers: We use trusted cloud hosting providers to operate our service. These providers are bound by contractual obligations to protect your data.
  • Legal Requirements: We may disclose information if required to do so by law or in response to valid requests by public authorities.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred. We will notify you before your data becomes subject to a different privacy policy.

7. Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

  • Encrypted connections (TLS/SSL) for all data in transit
  • OAuth 2.0 for Gmail authentication — we never store your Google password
  • Strict access controls and least-privilege principles
  • Regular security reviews of our infrastructure

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

8. Your Rights

You have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of any inaccurate personal data.
  • Deletion: Request deletion of your personal data. We will comply within 30 days, subject to any legal obligations to retain certain data.
  • Revoke Access: You can revoke Inbox Pilot's access to your Gmail account at any time through your Google Account permissions page.

To exercise any of these rights, contact us at contact@inboxpilot.me.

9. Children's Privacy

Inbox Pilot is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected data from a child under 13, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by posting the updated policy on this page and updating the "Last Updated" date. We encourage you to review this policy periodically.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

contact@inboxpilot.me