InboxAct

Privacy Policy

Last updated: January 1, 2024

1. Introduction

Welcome to InboxAct ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service that integrates Gmail and Todoist to automatically create tasks from your emails.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the service.

2. Information We Collect

2.1 Information You Provide

  • Account information (email address, name) when you sign up
  • OAuth tokens for Gmail and Todoist integration
  • Configuration settings and preferences
  • Support communications and feedback

2.2 Information We Collect Automatically

  • Email metadata (sender, subject, date, labels) for processing
  • Usage analytics and service performance metrics
  • Error logs and debugging information
  • Device and browser information for service optimization

2.3 Third-Party Data

  • Gmail email content (processed temporarily for AI extraction)
  • Todoist project and task information for synchronization
  • Google and Todoist profile information for authentication

3. How We Use Your Information

We use your information for the following purposes:

  • Core Service Delivery: Processing emails to extract actionable tasks and create corresponding Todoist entries
  • Service Improvement: Analyzing usage patterns to enhance AI accuracy and feature development
  • Customer Support: Responding to inquiries, troubleshooting issues, and providing assistance
  • Security: Monitoring for unauthorized access, fraud prevention, and service security
  • Communications: Sending service updates, feature announcements, and important notifications
  • Legal Compliance: Meeting legal obligations and protecting our rights and interests

4. Data Processing and Storage

4.1 Email Content Processing

Email content is processed temporarily in memory for AI task extraction. We do not permanently store the full content of your emails. Only extracted task information and relevant metadata are retained.

4.2 Data Retention

  • Account data: Retained until account deletion
  • Email metadata: Retained for 90 days for processing optimization
  • Usage analytics: Aggregated data retained for 2 years
  • Error logs: Retained for 30 days for debugging purposes

4.3 Data Location

Your data is primarily processed and stored in secure data centers in the United States. We use industry-standard encryption and security measures to protect your information.

5. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:

  • Service Providers: Third-party vendors who assist in service delivery (hosting, analytics, customer support)
  • Legal Requirements: When required by law, regulation, or legal process
  • Business Transfers: In connection with merger, acquisition, or sale of business assets
  • Consent: When you have given explicit consent for specific sharing

6. Your Rights and Choices

6.1 Access and Control

  • View and update your account information
  • Configure processing preferences and filters
  • Export your task creation history
  • Revoke OAuth permissions at any time

6.2 Data Subject Rights (GDPR)

If you are in the European Union, you have additional rights:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

6.3 Account Deletion

You can delete your account at any time through the dashboard settings. Upon deletion, we will remove your personal data within 30 days, except where retention is required by law.

7. Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • End-to-end encryption for data in transit (TLS 1.3)
  • AES-256 encryption for data at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • SOC 2 Type II compliance
  • Regular staff security training

8. Third-Party Services

Our service integrates with Gmail and Todoist. Please review their respective privacy policies to understand how they handle your data:

  • Google Privacy Policy: https://policies.google.com/privacy
  • Todoist Privacy Policy: https://todoist.com/privacy

9. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses for EU data transfers.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. For material changes, we will provide additional notice via email.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • Email: privacy@inboxact.com
  • Support Portal: /support
  • Address: [Company Address]