1. Introduction
InboxContext ("we," "our," or "us") is a Chrome extension that provides relationship context and contact insights directly within Gmail. This Privacy Policy explains how we collect, use, store, and protect your information when you use InboxContext.
You can contact us at admin@inboxcontext.com.
2. Google API Services User Data Policy Compliance
IMPORTANT: InboxContext's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
2.1 Limited Use Disclosure
InboxContext complies with Google's Limited Use requirements. Specifically, we:
- Only use Google user data to provide or improve user-facing features that are prominent in InboxContext's user interface.
- Only transfer Google user data to others if necessary to provide or improve user-facing features, with the user's consent, for security purposes, to comply with applicable laws, or as part of a merger/acquisition with user notice.
- Do not use or transfer Google user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- Do not allow humans to read Google user data unless: (i) we have obtained your affirmative consent to view specific data, (ii) it is necessary for security purposes, (iii) it is necessary to comply with applicable law, or (iv) the data is aggregated and anonymized for internal operations.
- Do not use Google user data to develop, improve, or train generalized artificial intelligence (AI) or machine learning (ML) models.
3. Data We Access from Google APIs
InboxContext requests access to the following Google API scopes to provide its functionality:
3.1 Gmail API (gmail.readonly)
What we access: Email metadata including sender/recipient email addresses, subject lines, dates, and thread information. We also access email content for signature parsing and AI-powered features.
Why we need it: To display your email history with contacts, calculate relationship strength scores, detect response patterns, parse contact information from email signatures, generate AI-powered conversation summaries, and detect commitments/promises made in emails.
How we use it: Email metadata is displayed in the sidebar when viewing emails. Signature parsing happens entirely in your browser—email content is never sent to our servers. For AI features (Pro tier only), email content is sent to OpenAI's API with industry-standard encryption and is not used for model training.
3.2 Google Calendar API (calendar.events.readonly)
What we access: Calendar event details including event titles, times, attendees, and descriptions.
Why we need it: To power Meeting Prep Mode, which surfaces relevant context about meeting attendees before your scheduled calls.
How we use it: We check your upcoming calendar events and display attendee context in the sidebar 15-30 minutes before meetings. Calendar data is used only for display and is not stored on our servers.
3.3 Google Tasks API (tasks)
What we access: Your Google Tasks lists and task items.
Why we need it: To create follow-up reminders that sync with your Google Tasks, ensuring you never forget commitments made in emails.
How we use it: When you create a reminder in InboxContext, we create a corresponding task in your Google Tasks. We do not read or modify tasks created outside of InboxContext.
3.4 User Info (userinfo.email, userinfo.profile)
What we access: Your email address and basic profile information (name, profile photo).
Why we need it: To create and manage your InboxContext account.
How we use it: Your email address is stored in our database to identify your account. Profile information is displayed in the extension interface.
4. Data Storage and Security
4.1 Data We Store on Our Servers
- Your account information (email address, subscription status)
- Contact metadata you create (notes, tags, custom fields)
- LinkedIn enrichment data (from Apollo.io, cached for 30 days)
- Encrypted OAuth tokens for Google API access
4.2 Data We Do NOT Store on Our Servers
- Email content or bodies (signature parsing is client-side only)
- Full email threads
- Email attachments
- Calendar event details
- Google Tasks data
4.3 Security Measures
We implement industry-standard security measures to protect your data, including: encryption in transit (TLS 1.3) and at rest, secure OAuth 2.0 authentication, regular security audits, access controls limiting employee access to user data, and secure cloud infrastructure (Vercel, Neon PostgreSQL with encryption).
5. Third-Party Services
InboxContext uses the following third-party services:
Apollo.io: For LinkedIn profile enrichment (Pro tier). We send contact email addresses to Apollo.io to retrieve professional information. See the Apollo.io Privacy Policy.
OpenAI: For AI-powered features (Pro tier) including conversation summaries, talking points, and commitment detection. Email content sent to OpenAI is processed according to their API data usage policy—it is not used to train their models. See the OpenAI Privacy Policy.
Payment Processing (Paystack): For subscription billing. We do not store your payment card details. See the Paystack Privacy Policy.
6. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Contact notes/tags: Retained while your account is active. Deleted with account deletion.
- LinkedIn enrichment cache: Automatically expires after 30 days.
- OAuth tokens: Revoked and deleted upon account deletion or when you disconnect Google from InboxContext.
7. Your Rights and Choices
You have the following rights regarding your data:
Access: You can request a copy of all data we store about you.
Deletion: You can delete your account and all associated data at any time from the extension settings, or by contacting admin@inboxcontext.com.
Revoke Access: You can revoke InboxContext's access to your Google account at any time via Google's Security Settings.
Export: Pro users can export their contact notes and tags at any time.
8. We Do Not Sell Your Data
InboxContext does not sell, rent, or share your personal data or Google user data with third parties for their marketing purposes. We do not use your data for advertising. We do not share your data with data brokers.
9. Children's Privacy
InboxContext is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on our website and updating the "Effective Date" at the top. Your continued use of InboxContext after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: admin@inboxcontext.com
- Website: https://inboxcontext.com
12. Additional Disclosures for Google Users
This section provides additional transparency required by Google's policies:
Application Type: InboxContext is a productivity application (Chrome extension) that helps users manage professional relationships within Gmail.
Data Processing Location: Our servers are located in the United States (Vercel) and European Union (Neon PostgreSQL). Data is processed and stored in compliance with applicable data protection laws.
Encryption: All data transmitted between your browser and our servers is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
Human Access to Data: InboxContext employees do not read your emails or personal data unless: (1) you explicitly request support and consent to sharing specific data, (2) required for security incident investigation, or (3) required by law. All employees with potential data access are bound by confidentiality agreements.
AI/ML Training: We do not use any Google user data to train, improve, or develop generalized artificial intelligence or machine learning models. AI features in InboxContext use third-party APIs (OpenAI) that process data according to their enterprise data policies and do not use customer data for model training.