InboxTidy

Privacy Policy

Effective date: 13 May 2026. InboxTidy is a privacy-first Gmail cleanup utility. This policy explains what data InboxTidy accesses, stores, and deletes.

What InboxTidy accesses

Sign-in uses Google's standard identity scopes: name, email address, and profile picture. Gmail access is requested only when you start a scan or approve cleanup.

  • Gmail read-only access is used only to scan message metadata such as sender, selected list headers, message date, and size estimate.
  • Gmail modify access is used only after your approval to archive selected messages, move selected messages to Gmail Trash when you choose that option, or undo a previous cleanup action.
  • Storage quota access is used only to read numeric Google storage quota and usage values when you choose to connect storage information.

What InboxTidy does not access or store

  • InboxTidy does not store email bodies, attachments, snippets, or raw Gmail message payloads.
  • InboxTidy does not send email or request the unrestricted mail.google.com scope.
  • OAuth tokens are never exposed to client components and Gmail API calls are made server-side only.
  • AI classification, when used, receives only minimal sender-level metadata, not message content.

What InboxTidy stores

InboxTidy stores the app data needed to provide and explain the service: your account record, encrypted Google grant records, Gmail connection state, scan summaries, sender summaries, cleanup candidates, selected cleanup actions, audit logs, billing status, support requests, and refund-review records.

Gmail message IDs are stored only where needed for approved cleanup and undo. Sender summaries and audit records are retained while your account is active unless you delete your InboxTidy account data.

Service providers

InboxTidy uses Vercel for hosting, Neon/Postgres for database storage, Stripe for checkout and billing, Google APIs for OAuth and Gmail access, Inngest for background jobs, and Sentry for operational error monitoring. These providers process data only as needed to run InboxTidy.

Your controls

  • You must approve every Gmail-modifying cleanup action before it runs.
  • You can undo supported cleanup actions from the audit page.
  • You can disconnect Google access from Settings or from your Google Account permissions page.
  • You can delete InboxTidy account data from Settings. This does not delete Gmail messages.

Contact

For privacy, billing, or data deletion questions, contact support@inboxtidy.app.