Privacy Policy

Last Updated: May 21, 2026

1. Introduction

MailBox Unjunker ("MailBox Unjunker," "we," "our," or "us") is an AI-powered Gmail organization service operated as an individual proprietorship from the United States. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have.

By using MailBox Unjunker, you agree to this Privacy Policy and our Terms of Service.

2. Compliance with the Google API Services User Data Policy

MailBox Unjunker's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In particular:

• We use Google user data only to provide and improve user-facing features that are prominent in the MailBox Unjunker interface (classifying and organizing your Gmail messages).
• We do not transfer Google user data to third parties except as necessary to provide or improve user-facing features, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
• We do not allow humans to read your Google user data, except: (a) with your explicit consent for specific messages; (b) when necessary for security purposes, such as investigating abuse; (c) to comply with applicable law; or (d) where the data has been aggregated and anonymized so it cannot identify any individual user.
• We do not use Google user data to develop, improve, or train generalized or non-personalized AI and machine learning models. The OpenAI API we call to classify your messages also does not train models on data submitted through its API (see Section 6).

3. Information We Collect

3.1 Account Information

When you request an invite and sign in with Google, we collect:

• The email address you submit through our invite-request form, before you sign in, so we can contact you about your invite.
• Your Google email address and basic profile information (from the openid, email, and profile scopes).
• Your service preferences (cleanup method, prompt type, and any custom prompt text you choose to write).

3.2 Google OAuth Credentials

We store the OAuth access token and refresh token Google issues to MailBox Unjunker, along with the granted scopes and expiration timestamps. These tokens are encrypted with AES-256-GCM at the application layer before being written to our database, and are used only to call the Gmail API on your behalf. We never receive or store your Google password.

3.3 Email Metadata — What We Store

For each Gmail message we process, we store:

• The Gmail message ID — a non-content identifier such as 18c5f3a2b4d8e9f1 that cannot be used to reconstruct the email's subject, body, sender, or recipients.
• The classification result (for example, "junk", "keep", or "reserved").
• The number of OpenAI input and output tokens used for the classification call, for usage analytics.
• A processed-at timestamp.
• The latest Gmail historyId we have synced, so we know where to resume processing.
• Your Gmail watch expiration timestamp, so we can renew the watch before it lapses.

3.4 Email Content — What We Do NOT Store

We do not store the subject lines, bodies, headers, attachments, sender or recipient addresses, or any other content of your Gmail messages. Email content is read from Gmail at classification time, forwarded to the OpenAI API for classification (see Section 6), and discarded as soon as the classification result is returned. It is never written to our database, our log files, or any other persistent storage.

3.5 Google Contacts — Only If You Opt In

If you choose to use the contacts autocomplete in the Invite friends tab of your dashboard, MailBox Unjunker will ask Google for the https://www.googleapis.com/auth/contacts.readonly scope. We then fetch the names and primary email addresses of the contacts you have saved in Google Contacts and store that list in our database, encrypted with AES-256-GCM at the application layer. This list is used only to autocomplete email addresses inside the Invite friends tab — it is never sent to OpenAI, never shared, never displayed to anyone other than you, and never used for marketing.

Connecting your contacts is entirely optional and is a separate, explicit action from signing in. You can use MailBox Unjunker without granting this scope; the Invite friends tab still lets you type in any email address manually. You can revoke contacts access at any time at https://myaccount.google.com/permissions, and your stored contacts list is deleted when you delete your account.

4. How We Use Google User Data — Scope by Scope

MailBox Unjunker requests the following Google OAuth scopes. Each is used solely for the user-facing feature described.

• openid, email, profile — to identify the account you are signing in with and create or recognize your MailBox Unjunker account.
• https://www.googleapis.com/auth/gmail.modify — to read incoming messages so they can be classified; to create and manage the "JUNK" and "AI-OK" labels (and any other labels MailBox Unjunker applies) in your Gmail account; to apply or remove labels, mark messages as read, and move messages out of the inbox in accordance with your "cleanup method" preference; and to register a Gmail "watch" so that Google can notify MailBox Unjunker of new incoming messages in near real-time. We do not delete messages.
• https://www.googleapis.com/auth/contacts.readonly — optional, requested only if you click "Connect Gmail contacts" in the Invite friends tab. Used solely to fetch the names and primary email addresses of your Google Contacts, so that the dashboard can autocomplete addresses you have already saved when you invite a friend. We do not read other contact fields (phone numbers, addresses, notes, etc.).

5. How We Use Your Information

We use the information we collect to:

• Provide the inbox-classification service (read incoming messages, classify them, and apply labels and other Gmail actions per your preferences).
• Maintain your account and preferences.
• Renew the Gmail watch registration before it expires, so that the service does not silently stop.
• Send transactional and service-related communications.
• Investigate abuse, fraud, or security incidents.
• Generate aggregated, non-identifying usage statistics.

6. Service Providers

We rely on the following service providers to operate MailBox Unjunker. Each of them processes data on our behalf under their own contractual data-protection obligations.

• Google (Gmail API and Cloud Pub/Sub): the source of incoming-mail notifications and the target of label, read-state, and archive actions. Subject to Google's Privacy Policy.
• OpenAI: we forward the subject and body of each incoming Gmail message to OpenAI's API (model gpt-4o-mini) over TLS, and we receive a JUNK / keep classification in return. Per OpenAI's API data usage policy, content submitted through the API is not used to train OpenAI's models. OpenAI may retain API content for up to 30 days for abuse and misuse monitoring, after which it is deleted. MailBox Unjunker does not retain the content after the classification call returns.
• Supabase: database hosting for the metadata described in Section 3. Data is encrypted at rest.
• DigitalOcean: application hosting (DigitalOcean App Platform).
• Resend: we use Resend to deliver transactional emails — the confirmation that we received your invite request, and the notice that your invitation is ready. Resend receives your email address for the sole purpose of delivering those messages. Subject to Resend's Privacy Policy.

7. Other Sharing and Disclosure

We do not sell or rent your personal information. We do not share Google user data for advertising or marketing purposes. We may share information when:

• Legal compulsion: we are required to do so by valid legal process, or to protect rights, property, or safety.
• Business transfer: in connection with a merger, acquisition, or sale of substantially all of our assets, in which case affected users will be notified.

8. Data Security

We implement industry-standard security measures, including:

• HTTPS/TLS for all data in transit.
• Application-layer AES-256-GCM encryption of Google OAuth tokens before they are written to the database, in addition to our database provider's at-rest disk encryption.
• Server-side database access only; OAuth tokens are never exposed to the browser.
• Session authentication via signed, HTTP-only cookies.

No system is perfectly secure. If we become aware of a security incident affecting your data, we will notify you and the appropriate authorities as required by applicable law.

9. Data Retention

• Account information, preferences, and OAuth tokens: retained while your account is active.
• Processed-message metadata (message ID, classification result, token counts): retained while your account is active; used to avoid reclassifying the same message and to power usage analytics.
• Email content: not retained (see Section 3.4).

When you delete your account, we stop the Gmail watch, revoke the OAuth refresh token with Google, and delete your data from our database within 30 days, except where retention is required by law.

10. Your Rights and Choices

You can, at any time:

• Revoke Gmail access at https://myaccount.google.com/permissions. Revoking access in your Google account immediately disables MailBox Unjunker's ability to read or modify your Gmail.
• Delete your account from the MailBox Unjunker dashboard. This stops the Gmail watch, revokes the OAuth refresh token with Google, and deletes your data from our database.
• Request access, correction, or deletion of personal information by emailing [email protected].

Depending on where you live, you may have additional rights under laws such as the EU General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA). You can exercise any of those rights by contacting us at the email above.

11. International Users

MailBox Unjunker is operated from the United States. By using the service, you understand that your information will be processed in the United States, where data protection laws may differ from those in your country.

12. Children's Privacy

MailBox Unjunker is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please email [email protected] and we will delete it.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last Updated" date above and, for material changes, notify you by email or through the service. Your continued use of MailBox Unjunker after the changes become effective constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

MailBox Unjunker
Email: [email protected]
Website: www.mailboxunjunker.com