Privacy Policy
Effective Date: January 10, 2025
Last Updated: January 10, 2025
1. Introduction
Inbox Copilot ("we," "our," or "us") is operated by aiforthebiz.com. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered email assistant service.
Contact us: info@aiforthebiz.com
2. Information We Collect
2.1 Email Data
To provide our service, we access and process your Gmail data through Google's official Gmail API:
What we access:
- Email content (subject lines, body text, sender/recipient information)
- Email metadata (timestamps, labels, read/unread status, thread information)
- Attachment metadata (file names and types, but not attachment content)
Why we need this:
- To analyze and categorize emails by priority level
- To generate AI-powered summaries of email content
- To apply color-coded labels in your Gmail inbox
- To create your daily morning brief
- To draft suggested responses (planned feature)
2.2 Account Information
- Google account email address
- Account preferences and settings
- Subscription and billing information
2.3 Usage Data
- Service usage statistics
- Error logs and diagnostic data
- Feature usage patterns (anonymized)
3. How We Use Your Information
We use your information solely to provide and improve Inbox Copilot:
- Email Categorization: AI analyzes email content to determine priority levels
- Summarization: Generate brief summaries of email content
- Label Management: Apply and sync labels in your Gmail account
- Morning Brief: Compile and send daily priority email summaries
- Service Improvement: Analyze usage patterns to improve features (anonymized data only)
4. Data Protection and Security
4.1 Sensitive Data Filtering
Before any email content is processed by our AI, we automatically detect and filter out:
- Passwords and authentication credentials
- Credit card numbers and financial account information
- Social security numbers and tax identifiers
- API keys, access tokens, and private keys
- Medical records and health information
- Government-issued ID numbers
Our filtering system uses pattern matching and machine learning to identify and redact sensitive information before AI processing.
Example:
Original email: "Your new password is: MyP@ssw0rd123"
Processed by AI: "Your new password is: [REDACTED]"
The sensitive data is never sent to our AI or stored in our database.
4.2 Encryption
- In Transit: All data is encrypted using TLS 1.3
- At Rest: All stored data is encrypted using AES-256
- Authentication: We use OAuth 2.0; we never store your Google password
4.3 Access Controls
- Only automated AI systems process your emails
- No human employees read or access your email content
- All system access is logged and monitored
- Your data is isolated from other users' data
5. Data Retention and Deletion
Temporary Storage
- Email content is stored for a maximum of 30 days
- After 30 days, email content is automatically and permanently deleted
- Only categorization metadata (labels, priority levels) is retained
Permanent Deletion
- When you disconnect your account: All data deleted within 24 hours
- When you cancel your subscription: All data deleted within 24 hours
- Upon request: Immediate deletion of all your data
6. Data Sharing
We do NOT:
- ❌ Sell your data to anyone
- ❌ Share your emails with third parties for marketing
- ❌ Use your emails to train public AI models
- ❌ Allow human access to your email content
We DO share data with:
- Google Gmail API: To access your emails (required for service)
- OpenAI API: To power AI categorization and summarization (email content only, no permanent storage)
- Stripe: For payment processing (billing information only)
- Cloud Infrastructure: Vercel (hosting) and Supabase/Neon (database) - all GDPR-compliant and SOC 2 certified
All third-party services are bound by strict data processing agreements.
7. Your Rights and Controls
You have the right to:
- Access: View what data we have about you
- Delete: Request immediate deletion of all your data
- Revoke: Disconnect access instantly via Google Account settings
- Export: Request a copy of your data
- Object: Opt out of certain data processing activities
To exercise these rights, contact us at info@aiforthebiz.com or revoke access through your Google Account settings.
8. International Data Transfers
Your data may be processed in countries outside your residence. We ensure all transfers comply with GDPR and other applicable data protection laws through standard contractual clauses and adequate safeguards.
9. Children's Privacy
Inbox Copilot is not intended for users under 18 years of age. We do not knowingly collect data from children.
10. Breach Notification
In the unlikely event of a security breach, we will:
- Notify you within 72 hours of discovery
- Explain what happened and what data was affected
- Detail the steps we're taking to resolve the issue
- Provide guidance on protecting your account
- Notify relevant authorities as required by law
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes via email at least 30 days before they take effect. Continued use of the service after changes constitutes acceptance.
Our Promise: We built Inbox Copilot because we believe AI can make email less overwhelming. But we also believe that convenience should never come at the cost of your privacy and security. Your trust is our most valuable asset.
12. Contact Us
For privacy questions or concerns:
- Email: info@aiforthebiz.com
- Website: aiforthebiz.com