Privacy Policy
Effective Date: January 10, 2025
Last Updated: January 10, 2025
Privacy First
Your privacy is fundamental to how we built Inbox Copilot. We use enterprise-grade encryption, automated AI processing, and strict access controls to protect your email data at every step.
1. Introduction
Inbox Copilot ("we," "our," or "us") is operated by aiforthebiz.com. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered email assistant service.
Contact us: info@aiforthebiz.com
2. Information We Collect
2.1 Email Data
To provide our service, we access and process your Gmail data through Google's official Gmail API. Your email content is processed by automated AI systems to determine priority levels, generate summaries, and organize your inbox.
Your email content and subjects are encrypted at rest using AES-256 field-level encryption. This means your data is protected even with database access—only authorized systems can decrypt and process your emails for categorization. See Section 4.2 for full encryption details.
What we access:
- Email content (subject lines, body text, sender/recipient information)
- Email metadata (timestamps, labels, read/unread status, thread information)
- Attachment metadata (file names and types, but not attachment content)
Why we need this:
- AI systems analyze email content to determine priority levels and categorize emails
- AI generates summaries of email content for your morning brief
- Automated systems apply color-coded labels in your Gmail inbox
- AI creates your daily morning brief with prioritized email summaries
2.2 Account Information
- Google account email address
- Account preferences and settings
- Subscription and billing information
2.3 Usage Data
- Service usage statistics (anonymized)
- Error logs and diagnostic data (no email content)
- Feature usage patterns (anonymized and aggregated)
3. How We Use Your Information
We use your information solely to provide and improve Inbox Copilot. All email processing is performed by automated AI systems.
- AI Email Categorization: Automated AI systems analyze email content to determine priority levels and assign appropriate labels
- AI Summarization: AI generates brief summaries of email content for your morning brief
- Automated Label Management: Systems automatically apply and sync labels in your Gmail account
- Morning Brief: AI compiles and sends daily priority email summaries
- Service Improvement: Analyze anonymized usage patterns to improve features
4. Data Protection and Security
4.1 Encryption
To secure the highest standards of privacy and security, we use multiple layers of encryption:
- In Transit: All data is encrypted using TLS 1.3 for all network communications
- At Rest: We use AES-256 field-level encryption for email content. Email subjects, body previews, and AI-generated intelligence are fully encrypted and stored securely
- Key Management: Encryption keys are stored separately from the database in secure environment variables
- Default Protection: Your email content is encrypted by default—without your explicit consent, we do not access your encrypted data
- Authentication: We use OAuth 2.0; we never see or store your Google password
4.2 Access Controls
Your email content is processed by automated AI systems and encrypted at rest. Even with database access, your email content remains encrypted and unreadable without the encryption key.
- Only automated AI systems process your emails
- Email content is encrypted with field-level encryption
- Your data is logically isolated from other users' data using strict Row Level Security (RLS) policies
- Application-level access is always scoped to your own data only; there is no cross-user data access through the app
4.3 User Consent for App Improvement
We continuously work to improve Inbox Copilot's AI accuracy and features. You can enable consent to share your encrypted email data for analysis to help improve our AI models and classification accuracy.
What This Means:
- If you enable consent, authorized personnel may decrypt and analyze your encrypted email content to improve our AI models and classification accuracy
- This analysis is performed for improvement purposes only
- Your email content remains encrypted in the database—decryption only occurs when you have enabled consent and only for improvement purposes
- You can enable or disable this consent at any time in your account Settings
- You can use Inbox Copilot fully regardless of your consent setting
5. Data Retention and Deletion
Temporary Storage
We don't keep your data forever. In fact, we automatically delete it:
- Email content is stored for a maximum of 30 days
- After 30 days, email content is automatically and permanently deleted
- Only categorization metadata (labels, priority levels) is retained beyond this period
Permanent Deletion
- When you disconnect your account: All data deleted within 24 hours
- When you cancel your subscription: All data deleted within 24 hours
- Upon request: Immediate deletion of all your data
6. Data Sharing
We do NOT:
- ❌ Sell your data to anyone
- ❌ Share your emails with third parties for marketing
- ❌ Use your emails to train public AI models
- ❌ Access your encrypted email content without your explicit consent
We DO share data with:
- Google Gmail API: To access your emails (required for service)
- OpenAI API: To power AI categorization and summarization (email content only, no permanent storage on OpenAI's servers)
- Stripe: For payment processing (billing information only)
- Cloud Infrastructure: Vercel (hosting) and Supabase/Neon (database) - all GDPR-compliant and SOC 2 certified
All third-party services are bound by strict data processing agreements and privacy policies.
7. Your Rights and Controls
You have complete control over your data:
- Access: View what data we have about you
- Delete: Request immediate deletion of all your data
- Revoke: Disconnect access instantly via Google Account settings
- Export: Request a copy of your data
- Object: Opt out of certain data processing activities
- Consent Management: Enable or disable consent for app improvement at any time in Settings
To exercise these rights, contact us at info@aiforthebiz.com or revoke access through your Google Account settings.
8. International Data Transfers
Your data may be processed in countries outside your residence. We ensure all transfers comply with GDPR and other applicable data protection laws through standard contractual clauses and adequate safeguards.
9. Children's Privacy
Inbox Copilot is not intended for users under 18 years of age. We do not knowingly collect data from children.
10. Breach Notification
In the unlikely event of a security breach, we will:
- Notify you within 72 hours of discovery
- Explain what happened and what data was affected
- Detail the steps we're taking to resolve the issue
- Provide guidance on protecting your account
- Notify relevant authorities as required by law
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email at least 30 days before they take effect. Continued use of the service after changes constitutes acceptance.
Our Promise: We built Inbox Copilot because we believe AI can make email less overwhelming. But we also believe that convenience should never come at the cost of your privacy and security. Your trust is our most valuable asset, and we've designed every aspect of our system to protect it.
12. Contact Us
For privacy questions or concerns:
- Email: info@aiforthebiz.com
- Website: aiforthebiz.com