Privacy & Security

Your inbox. Your data. Your rules.

Email is intimate. We built Inboxwright so that intimacy stays yours. Below is a plain account of exactly which OAuth scopes we request, what we process, what we discard, and what we will never do — regardless of future product direction.

No content storage
No training on your email
Revoke anytime
Data access summary
Read incoming messages to apply triage
Read sent history to learn voice patterns
Create draft replies in compose
Store message content on our servers
Use your emails to train AI models
Share or sell your data to third parties

Four commitments. No exceptions.

These are not product decisions we revisit each roadmap cycle. They are the terms under which Inboxwright operates.

Your email is never training data

Your messages are not used to train, fine-tune, or evaluate any AI model — ours or any third party's. The voice model learns your pattern from your sent history; that learning lives in a statistical profile tied to your account, and is deleted when you leave. It does not contribute to a shared model.

Email content is never stored

Message content is read in memory, used to generate a draft, and discarded. What we retain is limited to: your account settings, your voice pattern metadata (statistical, not verbatim), and billing records. No email text persists on Inboxwright servers after the draft is produced.

OAuth access, revocable instantly

We request only two scopes: read messages and create drafts. We never ask for your password. You can revoke Inboxwright's access directly from your Google or Microsoft connected-apps settings — without contacting us — and all access stops immediately.

HTTPS/TLS everywhere, no data brokering

All connections are encrypted in transit via TLS 1.2 or higher. Stored data is encrypted at rest using AES-256. We do not sell, share, or license your data to advertising networks, data brokers, or analytics aggregators.

What Inboxwright will never do.

Some capabilities are off the table regardless of how the product evolves.

Send email on your behalf without your explicit action
Every draft requires you to open it, review it, and press send. Inboxwright does not have an autosend mode. It does not send based on schedules without your approval step. Reply scheduling queues a draft for delivery — you still approved the send.
Store or log the text of your emails
Message content is processed in memory only. No email text is written to a database or log file on our servers. The email stays in your Gmail or Outlook account — Inboxwright reads it to do its job, then lets go of it.
Use your inbox to train shared AI models
Your sent history trains your personal voice profile — a per-account statistical model that belongs to you and is deleted when you close your account. It does not contribute to a shared model that improves drafts for other users.
Delete or move emails from your account
We request compose-draft scope, not write-delete access. Inboxwright cannot delete, archive, or move messages in your actual inbox. Triage routing happens in Inboxwright's view layer — your underlying mailbox is unchanged.

How your data flows.

A plain diagram of what happens — and what doesn't.

Gmail / Outlook OAuth access read only Inboxwright Engine processes locally draft only Draft returned to you No storage content discarded

Technical questions.

For Gmail: gmail.readonly (read messages) and gmail.compose (create drafts in compose). We do not request gmail.modify or gmail.labels. For Microsoft 365 / Outlook: Mail.Read and Mail.ReadWrite scoped to draft creation only — we do not request Mail.Send. The OAuth permissions dialog you see during setup shows exactly what we're requesting; read it before connecting.
Voice pattern data — the statistical model of your writing habits, not message text — is retained while your account is active and you're a paying subscriber. Cancelling your subscription or revoking OAuth access triggers deletion of all voice profile data within 72 hours. Billing records are retained for 7 years as required by US tax law; no email content is part of billing records.
We use: cloud compute infrastructure for processing (your email content is never written to persistent storage on this infrastructure); a payment processor for subscription billing (they receive billing details, not email data); and standard authentication libraries. We do not use third-party analytics services that receive personally identifiable data. Our Privacy Policy lists sub-processors.
Inboxwright is a US-based company governed by Washington State law. We design with data minimization principles in mind: we collect only what's needed to provide the service, retain it only as long as necessary, and honor deletion requests. California residents have CCPA rights including the right to know, delete, and opt out of sale — we do not sell personal data. Users in other jurisdictions: we honor access and deletion requests regardless of location. See our Privacy Policy for full detail.
Two paths: (1) Revoke OAuth access from your Google or Microsoft connected-apps settings — this stops all data access immediately and triggers voice profile deletion within 72 hours. (2) Email [email protected] with the subject "Data deletion request" for full account and billing record erasure within 30 days. You do not need to contact a support queue to revoke access — that step is entirely in your control, in your provider's settings.