Privacy Policy

Last updated: April 17, 2026

1. Introduction

Welcome to the Email Bucket Organizer ("we", "our", or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy describes how we collect, use, store, and share your information when you use our application.

2. Google API Services User Data Policy & Limited Use Compliance

Our application accesses Gmail data through the Google API. The Email Bucket Organizer's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

In compliance with Google's Limited Use requirements, we affirm that:

  • We do not use Google user data for serving advertisements or retargeting.
  • We do not use Google user data for profiling users or creating user profiles unrelated to the core email organization functionality.
  • We do not transfer or sell Google user data to third parties, except as necessary to provide the user-facing email classification feature (described in Section 5) or as required by law.
  • We do not use Google user data for training machine learning or AI models that are not directly related to providing the email classification feature to the user.
  • Google user data is used solely to provide user-facing functionality: organizing unread Gmail messages into categorized buckets for easier inbox management.

3. Google OAuth Scopes We Use

We request the following Google OAuth scopes, progressively, based on the features you choose to enable:

  • openid — To authenticate your Google identity.
  • userinfo.profile — To retrieve your display name for your account.
  • userinfo.email — To retrieve your email address for account identification.
  • gmail.metadata (base) — To read email headers (sender, subject, date) without accessing message content. Requested on initial sign-in.
  • gmail.readonly (optional) — To read email snippets (brief text previews up to 300 characters). Only requested if you explicitly enable "Read Access" in Account Settings to improve AI classification accuracy.
  • gmail.modify (optional) — To mark emails as read in Gmail on your behalf. Only requested if you explicitly enable "Modify Access" in Account Settings.

We follow a progressive permission model: we start with the minimum required permissions and only request additional scopes when you opt in to specific features.

4. What Data We Collect & Why

We collect the following data to provide our inbox organization service:

  • Google Profile Data: Your email address and display name, obtained during Google OAuth sign-in, used to create and identify your account.
  • OAuth Credentials: We store OAuth access tokens and refresh tokens, encrypted at rest within our PostgreSQL database. These credentials are stored alongside our application's client identifiers as required by the OAuth protocol. They are used exclusively to make authorized Gmail API requests on your behalf. Credentials are protected via encrypted database connections (SSL/TLS), parameterized queries to prevent injection, and server-side access controls.
  • Email Metadata (sender, subject, date, Gmail message ID): When you initiate a scan, we fetch and store this data from your unread emails. Why storage is necessary: Email metadata must be persisted so that our AI classification engine can assign emails to buckets, and so you can view, manage, and interact with your organized inbox across sessions without re-fetching from Gmail each time. Transient-only processing is impractical because users return to their dashboard throughout the day and expect their buckets and sorted emails to persist between visits.
  • Email Snippets (up to 300 characters): If you grant gmail.readonly permission, we also store a brief text preview of each email. Why storage is necessary: Snippets improve AI classification accuracy by providing additional context beyond sender/subject. They are stored alongside metadata so that the AI can produce more meaningful bucket groupings and so previews can be displayed in the dashboard without requiring real-time Gmail API calls.
  • Subscription & Usage Data: We track your subscription tier (free or Pro), the number of scans you have performed, and daily usage counters to enforce service limits.

5. How We Use Third-Party AI Services

To categorize your emails into buckets, we send email metadata (sender, subject line) and, when available, email snippets to the Google Gemini API. This data is transmitted solely for the purpose of providing the user-facing email classification feature. The data sent to the Gemini API is subject to Google's Gemini API Terms of Service.

We use the Gemini API's paid tier, which means data sent through the API is not used by Google to train their models per Google's data usage policies for paid API access. We have reviewed Google's data handling terms and selected this tier specifically to protect your data. We encourage you to review Google's Gemini API policies directly for the latest information on how they handle API data.

6. Data Storage, Retention & Deletion

Your email metadata and snippets are stored in our PostgreSQL database. We retain this data only as long as necessary to provide the service:

  • On re-scan: When you perform a new scan, previously stored email records for that account are replaced with the latest results. Old data is not retained.
  • On mark-as-read or hide: When you mark emails as read or hide them via the dashboard, those specific email records are immediately and permanently deleted from our database.
  • Maximum retention period: Email metadata and snippets are retained for a maximum of 30 days from the date of the last scan. If you do not perform a new scan within 30 days, stored email data may be purged.
  • On account revocation: If you revoke our application's access via your Google Account permissions page, we become immediately unable to make new Gmail API requests. You may then use the in-app deletion feature (see below) to remove all stored data.

How to Delete Your Data

You can delete all your stored data at any time using one of the following methods:

  1. In-App: Open the sidebar → click the settings icon on any account → scroll to "Delete My Data" → confirm deletion. This immediately and permanently removes all your accounts, emails, buckets, and stored credentials from our database.
  2. API Endpoint: Send an authenticated DELETE request to /api/account/data with your session token.
  3. Email: Contact us at raxxsngh37@gmail.com to request full data deletion. We will process your request within 7 business days.

7. Information Sharing

We do not sell, rent, or trade your personal information or email data to third parties. We do not use your data for advertising, profiling, or any purpose beyond providing the email organization service. Your data is shared only with the following essential service providers required to operate the application:

  • Google Gemini API: Email metadata (sender, subject) and snippets are sent solely for AI-powered email classification. No other data is shared with Google beyond what is required for this feature.
  • Dodo Payments: If you upgrade to Pro, your email address is shared with our payment processor to complete the transaction. No email content or metadata is shared with Dodo Payments.

8. Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit: All communication between client and server uses HTTPS/TLS encryption.
  • Encryption at rest: OAuth tokens and credentials are stored in encrypted database fields within our PostgreSQL database, which uses encrypted connections (SSL).
  • Authentication: JWT-based authentication with 30-day token expiry protects all API endpoints.
  • Injection prevention: All database queries use parameterized statements to prevent SQL injection.
  • Rate limiting: API endpoints are rate-limited to prevent abuse.

However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

9. Contact Us

If you have any questions about this Privacy Policy, wish to request deletion of your data, or have concerns about our data practices, please contact us at raxxsngh37@gmail.com.