This Privacy Policy describes how Shipio Direct LLC (“Inboxclean”, “we”, “us”, or “our”) collects, uses, and protects information when you use the Inboxclean website and service (collectively, the “Service”). By using the Service, you agree to the practices described here.
1. Who we are
Inboxclean is a privacy-first Gmail unsubscribe manager. We help you identify and unsubscribe from mailing lists in bulk. You can reach us at contact@inbox-clean.com.
2. Information we collect
We only collect what we need to operate the Service:
- Account data. Your email address, display name, and profile picture — provided by Google when you sign in.
- Gmail metadata. Message headers (sender, subject, date,
List-Unsubscribeheaders) and labels necessary to group senders and identify mailing lists. We do not read message bodies or attachments. - Usage data. Aggregate analytics about Service usage (e.g. unsubscribes performed, scan runs) to improve reliability. No third-party advertising trackers.
- Billing data. If you subscribe to a paid plan, payment details are processed by our payment processor. We never store full card numbers.
3. How we use information
- Authenticate you and secure your account.
- Scan Gmail metadata to group senders, categorize mailing lists, and calculate your clean score.
- Execute unsubscribe requests on your behalf — via
List-UnsubscribeURLs or one-click mailto endpoints — only when you explicitly ask us to. - Provide customer support and respond to your requests.
- Detect abuse, enforce our Terms, and comply with law.
4. Google user data & Limited Use
Inboxclean’s use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Gmail data to provide the unsubscribe features you see in the app.
- We do not transfer Gmail data except as necessary to provide the Service, comply with applicable law, or as part of a merger, acquisition, or sale of assets with user notice.
- We do not use Gmail data for advertising and do not allow humans to read it unless we have your explicit consent for a specific support case, the data is needed for security purposes, to comply with applicable law, or is aggregated and anonymized.
5. How we store and protect data
- OAuth tokens are encrypted at rest.
- All traffic is served over HTTPS/TLS. Databases are hosted on Supabase with row-level security.
- Access to production systems is restricted to authorized personnel and logged.
6. Data retention & deletion
You can disconnect Gmail at any time from the Settings page. When you disconnect or delete your account:
- Your OAuth tokens are revoked and deleted immediately.
- Sender metadata and unsubscribe history are deleted within 30 days, except where we are required to retain data to comply with legal obligations or resolve disputes.
You can also revoke Inboxclean’s access directly at myaccount.google.com/permissions.
7. Sharing
We do not sell personal data. We share data only with subprocessors required to run the Service (hosting, auth, email delivery, payment processing), and only to the extent needed.
8. Your rights
Depending on where you live (GDPR, CCPA, LGPD, and similar laws), you may have the right to access, correct, delete, port, or restrict processing of your personal data. To exercise these rights, contact contact@inbox-clean.com.
9. Children
Inboxclean is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect data from children.
10. International transfers
Your data may be processed in countries other than your own. We rely on standard contractual clauses and comparable safeguards where required.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be announced in-app or by email. Continued use of the Service after changes take effect constitutes acceptance.
12. Contact
Questions or requests: contact@inbox-clean.com.