Privacy Policy

Last Updated: March 5, 2026

1. Introduction

Inboxtini is a real-time email management tool that requires no permanent user account. References to Inboxtini-controlled servers (“our servers”) mean the third-party cloud services on which Inboxtini operates (see Section 7), not servers owned by Inboxtini.

2. Data Collection and "No-Account" Policy

Account & Data Access: Access to your Google account is provided via OAuth 2.0 authentication tokens. An encrypted cookie stored solely on your device holds a minimal profile (name, email address, and profile picture). Your Gmail data is fetched in real time and processed in memory only — email content is never stored locally or on our servers. Only derived analysis results (e.g., sender patterns, email sizes) and preferences are cached in your browser.

Anonymized Logs: Anonymized usage data (e.g., “Feature X was used”) may be collected for performance monitoring. These logs use random identifiers that are not linked back to your identity or email address.

3. Data Deletion and Revocation

Revocation: You may disconnect Inboxtini at any time via the in-app settings or through your Google Security Permissions.

Data Erasure: As no email content or files are stored on our servers, there is no personal data to delete. If you wish to delete the data stored in your browser, clear your browser's site data (cookies and local storage) for this site.

4. GDPR & California Rights

Right to be Forgotten: Since logs are anonymized and no identifiable data is stored, your right to erasure is satisfied by the immediate cessation of data processing upon revocation of OAuth access.

Cookies/Tracking: Google Analytics is used to understand app performance and, where ads are displayed, to measure advertising effectiveness. Where required by applicable law, a cookie consent banner allows you to manage your analytics and advertising preferences at any time. You may also opt out by visiting your browser's cookie settings or using industry tools such as YourAdChoices or Google Ads Settings.

5. Data Storage and Processing Location

US-Based Servers: All data processing and ephemeral storage occurs on servers located within the United States. By using the Service, you consent to the transfer and processing of your information in the US.

6. Security

All communication between browser and servers is encrypted using TLS (HTTPS), ensuring that data in transit cannot be intercepted.

Encrypted Cookies: Authentication tokens and session profile information are stored in encrypted, HttpOnly cookies on your device. These cookies are inaccessible to JavaScript and protected against cross-site request forgery (CSRF).

Minimal Data Exposure: Because Google user data is processed in memory and never written to disk or stored server-side, the attack surface for data exposure is minimized by design.

Infrastructure Security: Our infrastructure providers (Google Cloud, Vercel, Cloudflare, Netlify) maintain SOC 2 / ISO 27001-compliant environments with physical and network-layer security controls.

7. Third-Party Services

Google OAuth: Your use of Google services is governed by the Google Privacy Policy.

Infrastructure: Infrastructure may include Google Cloud, Netlify, Cloudflare, or Vercel for ephemeral processing; these providers are compliant with standard data protection regulations (DPA) and their servers are located in the United States.

Monitoring: Sentry.io is used for error tracking and performance monitoring. Any error data sent is scrubbed of Personally Identifiable Information (PII) before being stored on Sentry's US-based servers.

Email Communications (Brevo): If you opt in to product updates during onboarding, your name and email address are transmitted to Brevo SAS (formerly Sendinblue), our email delivery provider, and stored on their EU-based servers. Brevo processes this data solely to send transactional and product-update emails on our behalf. You may unsubscribe at any time via the link in any email or through the application settings. Brevo's privacy policy is available at brevo.com/legal/privacypolicy.

8. Advertising and Cookies

Ad-Supported Service: Inboxtini is free to use and may be supported by advertising. Ads may be displayed to help cover infrastructure and development costs.

Third-Party Ad Providers: Ads may be served through third-party advertising networks. These providers may use cookies and similar technologies to collect information about your visits to this and other websites in order to provide advertisements about goods and services of interest to you.

Personalized Ads: Where ads are displayed, personalized ads based on your interests may be shown with your consent. A cookie consent banner is shown where required by law and can be used to manage or withdraw your advertising preferences at any time.

Opt-Out: You can opt out of personalized advertising by:

  • Using the cookie consent banner to decline advertising cookies
  • Visiting your browser settings to manage or delete cookies
  • Using industry opt-out tools such as YourAdChoices or Google Ads Settings

Data Sharing: Gmail data is never shared with advertisers. Ad targeting is based on general page context and, with consent, your browsing behavior across participating websites.

9. Google API Services & User Data Policy

Inboxtini's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

OAuth Scopes Requested and Their Purpose:

  • gmail.modify — Allows Inboxtini to read your email metadata (sender, subject, size, date) and message content where needed to identify large or redundant emails, as well as delete emails and modify labels (e.g., moving emails to trash or marking them). Email content is processed in memory and never stored. Required for the core email cleanup and compaction features.
  • drive.metadata.readonly — Allows Inboxtini to read your Google account storage quota via the Drive API (drive.about.get). The only data accessed is: total storage limit (bytes), total storage used (bytes), and storage used by Drive and Drive Trash. This data is used exclusively to display a storage usage indicator in your Inboxtini dashboard so you can see how much space has been freed. This data is fetched on demand, processed in memory, and never stored on our servers.
  • userinfo.email / userinfo.profile — Used to identify you within your current session (display name, email address, profile photo). Stored only in an encrypted cookie on your device; never retained on our servers.

Limited Use: Google user data obtained via these scopes is used solely to provide Inboxtini's features directly to you. It is not used for advertising, profiling, or any purpose unrelated to the core functionality described above. Google user data is never sold, transferred to third parties, or used to train machine-learning models.

Retention & Deletion: No Google user data is stored on our servers. Email content and profile information are discarded at session end; storage quota figures may be cached locally in your browser for up to one hour (see Section 2). Revoking Inboxtini's OAuth access via Google Security Permissions immediately terminates all data access. Because no data is stored server-side, revocation is equivalent to complete data deletion.