CleanInbox

Privacy Policy

Last updated: September 2025

Overview

Your privacy matters. This Policy explains what data we collect, why we collect it, and how we safeguard it.

Information We Collect

We collect only the minimum needed to operate CleanInbox. We never store your email password and use OAuth where possible.

  • Gmail metadata (read-only): when you run a scan we read message IDs and select headers (From, Reply-To, List-Unsubscribe, List-Id, Subject, Authentication-Results) to identify subscriptions. We do not read bodies or attachments.
  • Email address: used to label your current inbox and to track paid plan usage.
  • OAuth tokens: short-lived Google tokens cached locally in your browser to avoid repeated prompts.
  • Demo usage info: an anonymous browser ID and basic counters to enforce demo limits; Cloudflare may also provide an IP for rate limiting.
  • Paid usage counters: per-email scan counts to enforce Basic/Plus/Pro limits.
  • Billing status (via Stripe): purchase state, price ID and Stripe customer ID for account management. We never receive card numbers.
  • Local preferences: plan label, current inbox, whitelisted senders, and consent (TOS/Privacy acceptance) stored in your browser.

How We Use Information

  • To detect newsletters/promotions and surface unsubscribe options.
  • To enforce demo and plan limits fairly.
  • To confirm purchases and enable plan features (via Stripe).
  • To improve reliability and prevent abuse.

Where Your Data Lives

  • In your browser: Gmail tokens, preferences, whitelists, consent, and the email address of the active inbox.
  • Cloudflare KV: anonymous demo counters and per-email usage counts (metadata only).
  • Stripe: checkout sessions and customer records. Card data never touches our servers.

Retention

  • Demo counters: typically up to 30 days (auto-expire).
  • Usage counters: retained while your account is active or until you ask us to delete them.
  • OAuth tokens: short-lived; local cache remains until you sign out or clear your browser data.

Your Choices & Controls

  • Revoke access: remove CleanInbox from your Google Account at myaccount.google.com/permissions.
  • Sign out / clear cache: use the app's Sign Out or clear your browser data to remove local tokens and preferences.
  • Data requests: contact us to delete demo/usage records tied to your email or anonymous demo ID.

Third Parties

  • Google (Gmail API & Identity Services) - email access and authentication.
  • Stripe - payments and billing.
  • Cloudflare Pages & KV - hosting and key-value storage for counters.
  • CDNs (Google Fonts, Tailwind CDN) - static assets.

Security

We use HTTPS everywhere, rely on OAuth for email access, and limit what we store. Access to systems and keys follows least-privilege principles.

Contact

Questions or requests? Reach us via the Contact page.