Privacy Policy

When you sign in with Google, we access the following through the Gmail API:

• Your email address and basic profile information
• Gmail messages (subject, sender, date, body content) for triage, prioritization, follow-up tracking, and cleanup features
• Sender information used to build your sender priority tiers

We store the following data in our database (Supabase/PostgreSQL):

• Cached inbox messages (subject, sender, snippet, labels, dates)
• Sender priorities and tier assignments
• Reply queue and follow-up tracking entries
• Action history (for undo functionality)
• Follow-up cache
• Unsubscribe log

Your data is used exclusively to provide the Clearbox service:

• Triaging and categorizing your inbox by sender priority
• Tracking emails awaiting replies (follow-up detection)
• Bulk cleanup and unsubscribe features
• Snoozing and queuing emails for later action
• Displaying your unified inbox across multiple connected Gmail accounts

Clearbox uses the Anthropic Claude API to analyze unsubscribe pages and assist with automated unsubscription. When you use the AI auto-unsubscribe feature, the content of unsubscribe pages may be sent to Anthropic for analysis. We also use Browserless.io to visit unsubscribe pages on your behalf via a headless browser. No email body content is sent to these third-party AI or browser services for purposes other than unsubscribe processing.

• OAuth tokens are encrypted at rest using AES-256-GCM encryption
• Session cookies are httpOnly, secure, and HMAC-signed
• All data is stored in Supabase (PostgreSQL) with row-level user isolation
• The application is hosted on Netlify with HTTPS enforced
• All database queries are filtered by authenticated user ID to ensure strict data isolation

We use the following third-party services to operate Clearbox:

• Google Gmail API — email access and management
• Supabase — database storage and authentication
• Anthropic Claude API — AI-powered unsubscribe page analysis
• Browserless.io — headless browser for automated unsubscribe actions
• Netlify — application hosting

Each service processes data only as needed to provide its respective functionality. We do not sell, rent, or share your personal data with any third party for marketing or advertising purposes.

You can disconnect any Gmail account from Clearbox at any time. When you disconnect an account, we revoke the OAuth token and delete all associated data for that account from our database.

Cached inbox data is retained only while your account is connected and is used solely for providing the service.

• Disconnect any connected Gmail account at any time, which deletes all associated data
• Access your data through the Clearbox dashboard
• Request complete deletion of your account and all stored data by emailing chananzlot@gmail.com

Clearbox requests the minimum Gmail OAuth scopes required to deliver its features. Each scope is mapped to a specific functionality below:

• https://www.googleapis.com/auth/gmail.modify— Used to archive, label, mark as read/unread, move to trash, send replies, and create drafts on your behalf. This scope is required because all of Clearbox's triage, queue, snooze, and cleanup actions involve modifying your inbox.
• https://www.googleapis.com/auth/gmail.readonly — Used to read message metadata (sender, subject, date, snippet) and full message bodies for triage, follow-up detection, sender prioritization, and the in-app preview.
• https://www.googleapis.com/auth/drive.file — Requested only when you explicitly trigger a Gmail backup. Limited to files Clearbox itself creates; we cannot read or modify any other files in your Drive.
• openid, email, profile — Standard sign-in scopes used to identify your account and display your name and avatar in the app.

Clearbox's use and transfer of information received from Google APIs to any other app adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, Clearbox affirms that it:

• Only uses access to read, write, modify, or control Gmail message bodies, metadata, headers, and settings to provide a user-facing email management feature inside Clearbox.
• Does not transfer or sell Google user data to third parties for advertising, marketing, market research, or any unrelated purpose.
• Does not use Google user data to serve advertisements, including retargeted, personalized, or interest-based advertising.
• Does not allow humans to read Google user data unless the user provides affirmative consent for specific messages, it is necessary for security purposes (e.g. investigating abuse), to comply with applicable law, or for Clearbox's internal operations where the data has been aggregated and anonymized.
• Does not use Google user data to train, fine-tune, or improve generalized or non-personalized AI/ML models. AI features (e.g. AI-assisted unsubscribe) only process the specific page content needed for the requested action and do not feed back into model training.

You can revoke Clearbox's access to your Google account at any time:

• From inside Clearbox: open the Settings (⚙) menu → Accounts → click Disconnect next to the account. This revokes the OAuth token at Google and deletes all associated data from our database.
• From your Google account: visit myaccount.google.com/permissions, find "Clearbox," and click Remove access.

To request complete deletion of your account and every record we hold about you, email chananzlot@gmail.com from the Gmail address you use to sign in. We will permanently delete your data within 30 days and confirm by email when complete.

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. Continued use of Clearbox after changes constitutes acceptance of the updated policy.

For any privacy-related question, request, or concern, contact us at chananzlot@gmail.com. We aim to respond within 5 business days.