Effective May 1, 2026

Privacy Policy

InboxPilot is built for sensitive inbox data. This policy explains what the app accesses, how it uses AI, and how connected mailbox data should be handled.

What InboxPilot does

InboxPilot helps users triage email by scanning connected messages, categorizing them, ranking priority, creating task items, and optionally generating reply suggestions.

Information we collect

When you use InboxPilot, we may collect account profile information, your email address, connected provider metadata, encrypted provider tokens, scan settings, triage results, review actions, task items, feedback, and draft reply text that you choose to save or send.

Gmail data access

InboxPilot only accesses Gmail data after you explicitly sign in and connect Gmail. Gmail access is used to read recent messages for triage, send replies only after you approve them, and archive messages only after you confirm the archive action.

How we use Gmail data

Gmail message data is used to provide user-facing email triage, priority ranking, category labels, task workflows, reply drafting, sending approved replies, and confirmed archive actions. InboxPilot does not use Gmail data for advertising or unrelated product analytics.

AI processing

If you opt in, InboxPilot may send selected message metadata, snippets, and available body text to OpenAI to improve classification, next-step summaries, and reply suggestions. If you opt out, InboxPilot scans with local rules only. You can change this preference in Settings.

Storage and retention

InboxPilot may store encrypted provider connection tokens, triage results, task records, review state, feedback, and editable draft replies so your workflow can persist across sessions. We aim to minimize email body retention and keep sensitive provider credentials encrypted server-side.

Sharing and sale of data

InboxPilot does not sell your personal information or email data. We do not share Gmail data with advertisers. Data may be processed by infrastructure providers, Supabase, OpenAI if you opt in to AI processing, and Google APIs only as needed to operate the product.

Google API Limited Use

InboxPilot's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Security

Provider tokens are intended to be encrypted at rest and used only from server-side routes. Production versions should maintain secure token storage, least-privilege access, audit logs for provider actions, and controls that let users revoke connected accounts.

Your controls

You can disconnect Gmail from the Connections page, opt in or out of OpenAI-assisted processing from Settings, review or remove tasks, and choose whether to send replies or archive messages. InboxPilot does not send replies or archive emails without your confirmation.

Children's privacy

InboxPilot is not intended for children under 13. We do not knowingly collect personal information from children under 13.

Changes to this policy

We may update this policy as InboxPilot changes. When material changes are made, the effective date on this page will be updated.

Questions, access requests, or deletion requests should be directed to the support email listed on the Google OAuth consent screen for InboxPilot.
