Privacy Policy
Last updated: March 9, 2026
inb0x.ai ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our mobile application.
1. Information We Collect
When you use inb0x.ai, we collect:
- Account Information: Your email address and name from Google Sign-In
- Email Data: We access your email content through the Gmail API, including subject lines, message body text, sender and recipient information, and timestamps. This is not limited to metadata—we process the full content of your emails to provide our AI-powered features.
- Device Tokens: Your Firebase Cloud Messaging (FCM) token to deliver push notifications about your inbox activity
- Usage Data: App usage patterns, feature interactions, and error reports to improve the service
2. How We Use Your Information
We use your information to provide the following AI-powered features:
- Email classification and prioritization: We analyze email content to categorize messages and rank them by importance
- Draft response generation: We use your writing style and email context to suggest replies
- Writing style learning: We learn your communication patterns from sent emails to personalize suggestions
- Knowledge extraction: We identify key information, facts, and commitments from email conversations
- Contact memory: We build context about your contacts based on communication history
3. AI Processing and Service Providers
To provide our AI-powered features, we route email content to trusted third-party AI service providers via API. We do not sell or monetize your email content. We do not use your email data to train general-purpose AI models.
AI service providers that may process email content include:
- Anthropic (models: claude-3-5-haiku, claude-3-5-sonnet, claude-sonnet-4) — used for email classification and response drafting. Anthropic does not use commercial API data to train models by default. API request data may be retained for security and abuse monitoring for approximately 30 days under Anthropic's standard policies.
- OpenAI (models: gpt-4.1-nano, gpt-4.1-mini, gpt-5-mini) — used for email classification, response drafting, and generating text embeddings. OpenAI does not use business API data for training by default. API request data may be retained for security and abuse monitoring for up to 30 days under OpenAI's standard policies.
- OpenRouter — an AI routing service used for certain processing tasks. We configure OpenRouter requests with data collection restrictions (data_collection: deny and zdr: true). OpenRouter routes to Anthropic and OpenAI models and is subject to those providers' data policies.
- Google Gemini API — used as a fallback in limited evaluation and classification paths. Data handling terms depend on the active billing tier; please see the Google AI Studio Terms of Service.
Our service agreements with each provider include data privacy and security obligations. These providers process your data only to deliver the features described above and are not authorized to use it for their own commercial purposes.
4. Google API Services Compliance
Our use of information received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only request Gmail API access to the extent necessary to deliver the features described in this policy
- We do not use Gmail data for advertising, ad targeting, or ad retargeting
- We do not sell Gmail data or transfer it to data brokers or advertising platforms
- We do not use Gmail data for credit or lending determinations
- We do not use Gmail data to train general-purpose AI or machine-learning models
- Human access to Gmail-derived data is limited as described in the "Human Access" section below
5. Human Access to Your Data
We do not allow human review of your email content except in the following limited circumstances:
- With your explicit consent: For example, when you contact support and share specific emails to resolve an issue
- Security and abuse prevention: To investigate suspected violations of our Terms of Service or to protect users and the integrity of the service
- Legal obligations: When required by applicable law, regulation, legal process, or enforceable governmental request
6. Data Storage and Security
Your data is stored securely using industry-standard encryption and security practices:
- TLS encryption for all data in transit
- Encrypted storage for data at rest
- Secure cloud infrastructure (Cloudflare Workers, SurrealDB Cloud) with industry-standard security controls
- Document attachments and knowledge base content stored in Cloudflare R2 object storage
7. Third-Party Infrastructure Services
In addition to AI processing providers, we use the following infrastructure services to operate the app:
- Google: Authentication (Google Sign-In via Firebase), Gmail API access, and Firebase Cloud Messaging push notifications
- Cloudflare: Edge hosting, serverless compute (Cloudflare Workers), and object storage (Cloudflare R2)
- SurrealDB Cloud: Database storage for account data, email metadata, classification results, writing style profiles, and contact memory
We use these providers as data processors operating under our instructions. Their use of your data is governed by our agreements with them and this policy.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right to access: Request a copy of your personal data through the app settings (Settings → Legal → Download my data) or by contacting privacy@inb0x.ai
- Right to rectification: Request correction of inaccurate data
- Right to erasure: Delete your account and associated personal data through the app settings. Note: knowledge base documents shared within an organization may be subject to separate retention obligations at the organization's discretion.
- Right to data portability: Export all your personal data in a structured, machine-readable JSON format directly from the app (Settings → Legal → Download my data)
- Right to restriction: Request limitation of data processing
- Right to object: Opt out of non-essential data processing
To exercise any of these rights, contact privacy@inb0x.ai.
9. Data Retention
We retain different types of data for different periods:
- Account data: Retained while your account is active and deleted when you delete your account
- Email metadata and classification results: Retained while your account is active; deleted on account deletion
- Writing style profiles and contact memory: Retained while your account is active; deleted on account deletion
- Knowledge base documents: Retained while your account is active; deleted on account deletion, except for documents shared within an organization which may be retained as separately required by that organization
- AI provider API logs: AI service providers may retain API request/response data for security and abuse monitoring for up to approximately 30 days under their standard policies, after which it is automatically deleted
- Backup copies: Deleted account data may persist in encrypted system backups for up to 90 days, after which it is purged in the ordinary course of our backup retention schedule
10. International Data Transfers
Your data may be processed in countries outside your country of residence, including the United States, where our service providers operate. We require these providers to maintain appropriate technical and organizational measures to protect your personal data. Where required by applicable law (for example, under EU GDPR), we rely on appropriate data transfer mechanisms, which may include standard contractual clauses as approved by the European Commission.
11. Children's Privacy
Our service is not intended for children under 16. We do not knowingly collect data from children under 16.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.
13. Governing Law
This Privacy Policy is governed by the laws of the European Union.
14. Contact Us
If you have questions about this Privacy Policy, please contact us at: