Data Safety & Privacy
Last Updated: January 10, 2025
Our Commitment
Your privacy is fundamental to how we built Inbox Copilot. We use enterprise-grade encryption, automated AI processing, and strict access controls to protect your email data at every step.
How We Process Your Emails
Inbox Copilot uses advanced AI systems to analyze and categorize your emails. Your email content is processed by automated AI models—not by human employees—to determine priority levels, generate summaries, and organize your inbox.
Your email content and subjects are encrypted at rest using AES-256 field-level encryption. This means your data is protected even with database access—only authorized systems can decrypt and process your emails for categorization. See the Encryption section below for full details.
To provide this service, we access:
- ✓ Email subject lines and body content
- ✓ Sender and recipient information
- ✓ Timestamps and metadata
- ✓ Attachment names (not attachment content)
Security Architecture
Field-Level Encryption
To secure the highest standards of privacy and security, we use AES-256 field-level encryption for all email content:
- ✓ Email subjects, body previews, and AI-generated intelligence are encrypted at rest
- ✓ Encryption keys are stored separately from the database in secure environment variables
- ✓ Even with database access, your email content remains encrypted and unreadable without the encryption key
- ✓ Your email content is encrypted by default—without your explicit consent, we do not access your encrypted data
Network & Infrastructure Security
- ✓ TLS 1.3 encryption for all network communications
- ✓ Hosted on enterprise-grade infrastructure (Vercel, Supabase/Neon)
- ✓ SOC 2 Type II certified providers
- ✓ Firewalls, intrusion detection, and DDoS protection
- ✓ OAuth 2.0 authentication—we never see or store your Google password
- ✓ Encrypted database backups with secure key management
Data Isolation
- ✓ Your data is logically isolated from other users' data using strict Row Level Security (RLS) policies
- ✓ Application-level access is always scoped to your account only; the app never exposes other users' data
- ✓ No cross-user data access is possible through the application
Data Retention & Deletion
We don't keep your data forever. Email content is stored for a maximum of 30 days, then automatically and permanently deleted. Only categorization metadata (labels, priority levels) is retained beyond this period.
Immediate deletion options:
- ✓ When you disconnect: All email content deleted immediately, all categorization data deleted within 24 hours
- ✓ When you cancel: All data permanently deleted within 24 hours, backups purged within 30 days
- ✓ Upon request: Immediate deletion of all your data
Your Control
You have complete control over your data:
- ✓ Revoke access anytime via your Google Account settings
- ✓ One-click data deletion from account settings
- ✓ Contact info@aiforthebiz.com for immediate deletion
- ✓ Optional consent for app improvement—you can enable or disable this at any time in Settings
What We Don't Do
- ❌ We don't sell your data—ever, to anyone, under any circumstances
- ❌ We don't share emails with third parties—except AI processing (OpenAI API) which doesn't store your data permanently
- ❌ We don't use your emails to train public AI models—your data stays completely private
- ❌ We don't store emails permanently—30-day maximum, then automatic deletion
- ❌ We don't allow human access by default—human access only occurs if you explicitly enable consent for app improvement
- ❌ We don't use data for advertising—no ads, no tracking, no profiling, no marketing
Breach Notification
In the unlikely event of a security breach, we will notify you within 72 hours of discovery, explain what happened and what data was affected, detail the steps we're taking to resolve the issue, and provide guidance on protecting your account.
Our Promise: We built Inbox Copilot because we believe AI can make email less overwhelming. But we also believe that convenience should never come at the cost of your privacy and security. Your trust is our most valuable asset.
Questions & Contact
Have questions about our security practices or found a security vulnerability? Contact us at info@aiforthebiz.com. We respond to security questions within 24 hours and take all vulnerability reports seriously.