Privacy Policy
Effective date: April 20, 2026 · Version 2026-04-20
1. Information We Collect
When you use Inbox Admin, we collect: your Google account email address and profile information provided through Google Sign-In; email metadata and attachments from your connected Gmail account(s); document content for classification purposes; and usage data including pages processed, rules executed, and feature interactions.
2. How We Use Your Information
We use your information to: provide and maintain the Service, including document classification and routing; sync classified documents to your connected accounting software (e.g., QuickBooks); enforce plan limits and calculate billing; detect and prevent abuse; and improve the accuracy of document processing.
We do not use your email content, attachments, or metadata to train machine-learning models. Document classification runs on Google Cloud’s Vertex AI / Gemini and Document AI under contracts that prohibit training on our prompts or responses. Our Data Processing Addendum enforces the same rule on every subprocessor.
3. OAuth Scopes We Request
Inbox Admin only requests the permissions it needs for the feature you’re using. You grant each scope through Google or Intuit’s own consent screen and can revoke them at any time from your Google account or QuickBooks company settings.
| Scope | When we request it | Why we need it |
|---|---|---|
| openid email profile | Sign-up and sign-in | Identify your account and show your name / email in the app. |
| gmail.readonly | Sign-up and inbox audits | Read message headers and attachments to classify documents and suggest rules. No send, move, or delete permission is granted. |
| gmail.modify | Only when you turn on a rule action that applies a Gmail label | Create and apply labels so filed messages land in the folder you picked. Never used to delete messages. |
| gmail.send | Only when you turn on a rule action that forwards a message | Forward a matched message to a domain you explicitly allow-listed. |
| calendar.events | Only when you enable calendar-based actions | Create calendar events for deadlines surfaced from matched messages. |
| com.intuit.quickbooks.accounting | Only when you connect QuickBooks | Create vendors and bills from classified invoices; read existing vendor list to avoid duplicates. |
4. Data Storage and Security
Your data is stored on Google Cloud Platform in the United States. Attachments are stored in Google Cloud Storage with encryption at rest. OAuth refresh tokens are encrypted using Google Cloud KMS before being written to the database. All data in transit is protected with TLS 1.2+. For the full list of encryption, retention, and self-serve deletion controls, see our Security page.
5. Subprocessors
Inbox Admin uses the following subprocessors to deliver the Service. We maintain written data-protection agreements with each, and we do not sell your data to anyone.
| Vendor | Purpose | Data shared | Region |
|---|---|---|---|
| Google Cloud Platform | Hosting (Cloud Run), key management (KMS), attachment storage (GCS), managed Postgres database (Cloud SQL), document classification (Document AI), and model inference (Vertex AI / Gemini). | Email headers, attachment contents, classification prompts and responses, account records, rule definitions, audit events, encrypted OAuth tokens. | United States (us-central1) |
| Stripe | Subscription billing and payment processing. | Billing email, plan, payment-method metadata (Stripe holds the card; we do not). | United States |
| Intuit (QuickBooks Online) | Optional. Bill and vendor sync when you connect QuickBooks. | Vendor names, bill line items, attachment copies you choose to sync. | United States |
We’ll notify customers at least 30 days before adding a new subprocessor so you can object per your DPA.
6. Data Retention
Document attachments and classification data are retained according to your organization’s configured retention period (default: 90 days). You may adjust this in your account settings. Account data (email, settings, audit logs) is retained for the life of your account plus 30 days after deletion.
7. Your Rights
You may request access to, correction of, or deletion of your personal data at any time by contacting us. You may disconnect your Gmail or QuickBooks accounts at any time through your account settings, which will stop further data collection from those services.
8. Cookies and Tracking
Inbox Admin uses localStorage to maintain your sign-in session. We do not use third-party tracking cookies or advertising pixels. A browser fingerprint may be collected during trial signup solely for abuse prevention and is stored as a one-way hash.
9. Contact
For privacy inquiries, contact us at privacy@inbox-admin.com.