Privacy Policy

Last updated: June 3, 2025

This Privacy Policy explains how we collect, use, and safeguard your information when you use our services. By using InboxWhiz, you agree to the terms of this policy.

Information Collection

We only access necessary information to provide our services. This includes:

• Email content and metadata
• Authorization credentials necessary to retrieve this information

Use of Information

Your email content, metadata, and the authorization credentials used to retrieve this information are accessed only with your permission and stored only on your web browser, never on our servers. InboxWhiz accesses your email data, which includes the content and metadata of email messages, via the Gmail API. This data is used exclusively to facilitate the processing (block/delete/unsubscribe) of emails. This information is permanently deleted upon the removal of the InboxWhiz web extension.

We do not sell, trade, or otherwise transfer your personal information to third parties.

Data Protection and Security

Because InboxWhiz handles sensitive Gmail data, we have implemented the following measures to protect it:

• Encryption in Transit: Every request to Google's APIs (including token exchanges and Gmail data fetches) is made over HTTPS/TLS. This ensures that all data (your emails, metadata, and tokens) is encrypted while traveling between your browser and Google's servers.
• Local Storage Isolation: We store tokens and any metadata only in your browser's extension-specific storage area. This storage is isolated per-extension, meaning no other website or extension can read it. We do not write this data to any server or share it externally.
• Token Handling: OAuth 2.0 tokens (access tokens, refresh tokens) are managed exclusively by the extension. We never log or transmit tokens outside your local browser.
• Access Controls: InboxWhiz only operates under the exact Google scopes you grant during OAuth consent. You can revoke our access at any time from your Google Account → Security → Third-party apps and services.
• Deletion Upon Uninstall: When you uninstall or disable the InboxWhiz extension, all sensitive data (tokens, any cached email-metadata) is automatically purged from your browser. We do not attempt to back it up or re-upload it elsewhere.
• No Human Access: The extension does not transmit your Gmail data to any human or support-team inbox. All parsing, filtering, and unsubscribe/delete logic is performed entirely within your browser, under your control.

Additional Limits on Use of Your Google Data

Notwithstanding any other provision in this Privacy Policy, if you grant InboxWhiz access to your Google data, the use of that data will be subject to the following additional restrictions:

• InboxWhiz will only use your Gmail data accessed via the Gmail API to read or control Gmail message metadata, headers, and message content, to enable you to process (delete/unsubscribe from) emails.
• InboxWhiz will not use your Gmail data for serving advertisements.
• InboxWhiz will not allow humans to read your data.
• Any use or transfer of information received from Google APIs by InboxWhiz will comply with the Google API Services User Data Policy, including the Limited Use requirements.

Policy Changes

This Privacy Policy may be updated periodically. Any changes will be posted on this page, so please review it regularly.

Contact Us

If you have any questions regarding this Privacy Policy, please contact us at inboxwhiz.help@gmail.com.