← Back to Home
Privacy Policy
Last Updated: July 23, 2025
Version: 2.0.0
Your privacy is fundamental to how Unboxd works. When you trust us with your emails, we understand this is a big responsibility. That's why we built our Zero Access Architecture specifically so that even we can't read your emails - giving you complete control over your data.
We collect information to provide you with your AI email assistant - from basic things like your email address to more complex data like extracting action items from your emails. The information we collect depends on how you use Unboxd and how you manage your privacy controls.
When you create an account, we collect basic information to identify you and keep your account secure:
- Email address - your primary identifier for signing in
- Name - to personalize your experience
- Authentication credentials - depending on how you sign up: - Google OAuth ID (when you sign in with Google) - Apple ID (when you sign in with Apple) - Password hash (when you create a password - we never store your actual password)
Email Data
To provide AI assistance, we need access to your email content. All email data is encrypted by default with your unique key:
- Email content - subject lines, message body, and attachments so our AI can extract action items and create briefings
- Email metadata - sender, recipients, dates, and labels to organize and filter your emails
- Gmail-specific data - message IDs and thread IDs to sync properly with your Gmail account
- AI processing results - the action items, insights, and FYIs that our AI extracts from your emails
User Preferences
We store your preferences to personalize your Unboxd experience:
- AI model preferences - whether you prefer OpenAI or Anthropic models
- AI personality settings - your chosen assistant personality (Maya, Alex, Sam, or Default)
- Privacy settings - your private email addresses and keywords that should never be processed by AI
- Data retention preferences - how long you want us to keep your emails (7-90 days or forever)
- Notification and theme preferences - your app settings and appearance choices
We collect limited device information to send you notifications and ensure security:
- Push notification tokens - so we can send you alerts about important action items
- Device platform - whether you're using iOS or Android to optimize your experience
- No sensitive device identifiers - we don't collect device serial numbers or other identifying hardware information
Zero Access Architecture & Encryption
We designed Unboxd so that your privacy is protected by default, not by choice. Your emails are encrypted with your unique key before they ever reach our servers.
Zero Access Promise: Even our team cannot read your emails or personal data. This isn't just a policy - it's built into how our technology works.
How Our Encryption Works
Your data is protected with enterprise-grade encryption:
- AES-256-GCM encryption - the same standard used by banks and governments to protect all your sensitive data
- Your unique encryption key - so only you can decrypt your data
- PBKDF2 key derivation - we use 100,000 iterations to make your key virtually impossible to crack
- Everything is encrypted - your OAuth tokens, email content, and AI processing results
Privacy Controls You Can Set
You have granular control over what gets processed by AI:
- Private email addresses - mark specific senders (like your doctor or lawyer) so their emails are never processed by AI
- Private keywords - set words like "confidential" or "personal" to automatically skip emails containing them
- Real-time privacy controls - change your settings anytime and they apply immediately
- Privacy statistics - see exactly which emails were blocked and why, so you know your controls are working
We use your information to power your AI email assistant and keep you in control of your inbox. Here's how we use different types of information:
- Provide AI email assistance - We process your emails to extract action items, insights, and generate daily briefings so you never miss what's important
- Personalize your experience - We learn your preferences over time, like which emails you consider important, to adapt our AI responses and improve accuracy
- Send notifications - We alert you about urgent action items and approaching deadlines based on what our AI finds in your emails
- Maintain security - We protect your account with encryption and monitor for suspicious activity to keep your data safe
- Improve our service - We analyze usage patterns (in a way that doesn't identify you personally) to make Unboxd better for everyone
AI Processing
We use leading AI models to understand your emails and extract what's important. Here's how we handle your data when processing it with AI:
AI Models We Use
We use leading AI models to process your emails and provide intelligent assistance:
- OpenAI Models - GPT-4, GPT-4o, GPT-3.5-turbo, o1-mini, and o4-mini for advanced reasoning and email analysis
- Anthropic Models - Claude 3.5 Sonnet, Claude 3.5 Haiku, Claude 3 Opus, Claude 4 Sonnet, and Claude 4 Opus for nuanced understanding and response generation
Model Selection: We automatically select the most appropriate model based on the task (email processing, briefing generation, conversation). User choice of AI providers may be available in future updates.
How We Protect Your Data During AI Processing
Your privacy comes first, even when using AI:
- Transient processing only - your emails are processed in real-time and never stored at AI providers like OpenAI or Anthropic
- Privacy filtering happens first - emails with your private keywords or from private senders never reach AI models
- Current provider policies - Both OpenAI and Anthropic currently do not train on enterprise API data by default
- You're in control - manage privacy settings, set private keywords/addresses, or turn off AI processing entirely
AI Model Development & Training Policy
We are committed to protecting your data from being used for AI model development:
- Unboxd Policy - We do not use any user data, including Gmail data, for developing, improving, or training AI/ML models
- Current Provider Policies - As of our last policy review, both OpenAI and Anthropic do not train on enterprise/API customer data by default
- Contractual Safeguards - We use enterprise-tier services and maintain contracts that include data protection clauses
- Policy Monitoring - We actively monitor our AI providers' data usage policies and will notify users if policies change
- Transparency Commitment - If any provider's policy changes in a way that affects your data, we will provide clear notice and may change providers to maintain protection
Legal Basis for AI Processing (GDPR)
For users in the European Union, we process your emails with AI based on:
- Legitimate Interest (Article 6(1)(f) GDPR) - We have a legitimate interest in providing intelligent email assistance, which we've balanced against your privacy rights
- Your Consent (Article 6(1)(a) GDPR) - For sensitive email processing or when you specifically request AI analysis
- Performance of Contract (Article 6(1)(b) GDPR) - When AI processing is necessary to deliver the email assistant service you've subscribed to
Your Rights: You can object to AI processing based on legitimate interest at any time through your privacy settings. If processing is based on consent, you can withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
Automated Decision-Making
Our AI systems make automated decisions about:
- Email categorization (action items, FYIs, insights)
- Priority scoring for briefings
- Suggested email responses and actions
Important: These automated decisions do not produce legal effects or significantly affect you. You can always:
- Review and modify all AI-generated content before taking action
- Override any AI categorization or suggestion
- Request human review of AI decisions through our support team
- Opt out of automated processing through your privacy settings
AI Accuracy & Limitations
Important Disclaimer: AI technology has inherent limitations that you should be aware of:
- AI Can Make Mistakes - AI models may misinterpret emails, miss important information, or make incorrect categorizations
- Hallucinations - AI may occasionally generate responses or extract information that wasn't actually in your emails
- Context Limitations - AI may not fully understand complex situations, sarcasm, or nuanced communication
- Not 100% Reliable - Always review AI suggestions, categorizations, and generated content before relying on them
- No Guarantee of Accuracy - We cannot guarantee that AI processing will be error-free or meet your specific needs
Your Responsibility: You should always review and verify AI-generated content before taking any action, especially for important communications or decisions.
Data Retention
- User-configurable retention - Choose 7, 14, 30, 60, 90 days, or forever
- Default: Forever - We keep your data unless you choose otherwise
- Smart deletion - Preserves extracted action items/insights when deleting emails
- Automatic cleanup - Daily cron job enforces your retention preferences
Gmail Integration & Email Actions
To provide your AI secretary service, we need specific permissions to read and act on your Gmail account. Here's exactly what we can do and when we do it:
Gmail Permissions We Request
When you connect your Gmail account, you grant Unboxd permission to:
- Read your emails - to extract action items, create briefings, and understand your email patterns
- Create email drafts - AI-generated responses and emails that you can review, edit, and manually send through Gmail
- Modify email properties - to mark emails as read, archive them, add labels, or organize your inbox
- Compose and manage drafts - to prepare AI-suggested email responses for your review
- Access email metadata - to sync changes and maintain consistency with your Gmail account
Important: Unboxd never automatically sends emails on your behalf. All email sending is done by you through Gmail's interface after reviewing AI-generated drafts.
Actions Your AI Secretary Can Take
Your AI secretary can perform these actions in your Gmail account:
- Mark emails as read - when you've reviewed them in Unboxd or marked action items as complete
- Archive emails - to keep your inbox clean after processing newsletters or notifications
- Apply labels - to organize emails by type (action items, FYIs, insights)
- Create drafts - to prepare AI-suggested responses that you can review, edit, and manually send
- Snooze or unsnooze emails - to surface important emails at the right time
- Perform bulk cleanup operations - archive or mark multiple emails as read simultaneously
Important: Your AI secretary only takes actions when you ask it to, or when you've configured automatic actions in your settings. Unboxd never automatically sends emails - all drafts created by AI must be manually reviewed and sent by you through Gmail. You can always undo any organizational action, and we provide a complete history of all changes made to your emails.
AI Action Risks: Because AI can make mistakes, these automated actions may occasionally be incorrect. For example, AI might:
- Archive important emails that should remain in your inbox
- Mark critical unread emails as read before you've seen them
- Apply incorrect labels to emails
- Misinterpret your instructions about which emails to organize
- Perform bulk actions on the wrong set of emails
- Create draft responses that don't accurately reflect your intended message
Your Responsibility: Monitor AI actions, review all AI-generated drafts before sending, and use the undo functionality if organizational mistakes occur.
How Gmail Integration Works
We use Google's official APIs to ensure security and reliability:
- Official Google Gmail API - we use Google's secure OAuth 2.0 authentication
- Real-time sync - changes are synchronized via Google Cloud Pub/Sub webhooks
- No data shared with Google - we don't share your email content or AI insights with Google
- Revocable access - you can disconnect Unboxd from your Gmail account at any time
Google API Services Compliance
Unboxd's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. This ensures:
- Limited Use Compliance - We only use Google user data to provide or improve user-facing features
- No Secondary Use - Google user data is not used for serving advertisements or other purposes
- Secure Handling - All Google user data is handled according to Google's security requirements
- Transparency - We provide clear disclosure of how Google user data is used in our service
Other Third-Party Services
Push Notifications
We use official notification services to alert you about important emails:
- Apple Push Notifications (APNs) - for iOS devices to send you alerts about action items
- Firebase Cloud Messaging (FCM) - for Android devices to deliver notifications
- Notification content only - we don't use these services for tracking or analytics
Your Rights (GDPR Compliance)
Under GDPR and other privacy laws, you have the right to:
- Access your data - View all personal information we have about you
- Export your data - Download complete data export in JSON format
- Delete your data - Permanently remove all personal information
- Correct your data - Update or correct any inaccurate information
- Control processing - Manage privacy settings and AI processing
- Object to processing - Specifically object to AI processing based on legitimate interest
- Data portability - Receive your data in a structured, machine-readable format
US State Privacy Rights
For residents of US states with comprehensive privacy laws (California, Virginia, Colorado, Connecticut, Utah), you have additional rights:
California Privacy Rights (CCPA/CPRA)
- Right to Know - Request information about personal information we collect, use, and share
- Right to Delete - Request deletion of your personal information
- Right to Correct - Request correction of inaccurate personal information
- Right to Opt-Out - Opt out of the "sale" or "sharing" of personal information (Note: We do not sell or share personal information as defined by CCPA)
- Right to Limit Sensitive Information Use - Limit use of sensitive personal information to providing services
- Non-Discrimination - We will not discriminate against you for exercising your privacy rights
Other State Privacy Rights
- Virginia (VCDPA) - Similar rights to California including access, deletion, correction, and opt-out rights
- Colorado (CPA) - Rights to access, delete, correct, and opt-out of targeted advertising and profiling
- Connecticut (CTDPA) - Comprehensive privacy rights including data portability and opt-out rights
- Utah (UCPA) - Rights to access, delete, and opt-out of targeted advertising
Important Clarifications
- No Sale or Sharing - We do not "sell" or "share" personal information as defined by state privacy laws
- No Targeted Advertising - We do not use your data for targeted advertising or cross-context behavioral advertising
- Sensitive Information - Email content may be considered sensitive personal information under some state laws - you can limit its use through privacy controls
- How to Exercise Rights - Contact us at [email protected] or use the privacy controls in your account settings
Data Security
- Encryption at rest - Database-level encryption
- Encryption in transit - HTTPS/WSS for all communications
- Secure authentication - JWT tokens with secure flows
- Regular security audits - Ongoing security assessments
- Access controls - Role-based permissions
Data Breach Notification
In the unlikely event of a data breach that affects your personal information, we will:
- Immediate Response - Contain and assess the breach within 24 hours
- Regulatory Notification - Notify relevant authorities within 72 hours as required by GDPR and applicable laws
- User Notification - Notify affected users without undue delay if the breach is likely to result in high risk to your rights and freedoms
- Transparent Communication - Provide clear information about what happened, what data was involved, and what steps we are taking
- Remediation - Take immediate steps to fix the vulnerability and prevent future breaches
- Support - Provide dedicated support to help affected users protect themselves
No Third-Party Tracking
We do not use:
- Google Analytics or other tracking services
- Facebook Pixel or social media tracking
- Advertising identifiers
- User behavior tracking beyond app functionality
- Third-party cookies for tracking
Data Sharing
We do not sell, rent, or share your personal data with third parties except:
- Service providers - AI models for processing (transient only)
- Legal requirements - When required by law or to protect rights
- Your consent - When you explicitly authorize sharing
International Data Transfers
Your data may be processed in countries outside your residence, including the United States where our AI providers (OpenAI and Anthropic) are located. We ensure adequate protection through:
Transfer Safeguards
- Standard Contractual Clauses (SCCs) - We use EU-approved Standard Contractual Clauses with all international service providers
- Data Processing Agreements - All AI providers must sign comprehensive Data Processing Agreements that meet GDPR requirements
- Additional Technical Safeguards - End-to-end encryption, data minimization, and transient processing ensure your data is protected even during international transfers
- Regular Compliance Reviews - We continuously monitor and audit our international partners to ensure ongoing compliance
AI Provider Locations & Compliance
- OpenAI (United States) - Processes data under Standard Contractual Clauses with additional security measures
- Anthropic (United States) - Complies with international data protection standards through contractual safeguards
- No Permanent Storage - Your email data is processed transiently and never permanently stored by AI providers
- GDPR Compliance - All providers must demonstrate GDPR compliance for EU user data processing
Children's Privacy
Unboxd is not designed for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
Changes to This Policy
We may update this privacy policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending you an email notification
- Providing in-app notifications
Consent Management for EU Users
For users in the European Union, we provide granular consent management:
Types of Consent We Request
- AI Processing Consent - Specific consent for processing your emails with AI models
- Sensitive Data Processing - Additional consent for processing emails that may contain sensitive information
- International Transfer Consent - Consent for transferring your data to AI providers in the United States
- Marketing Communications - Optional consent for product updates and feature announcements
How to Manage Your Consent
- Granular Controls - Manage each type of consent independently through your account settings
- Easy Withdrawal - Withdraw any consent at any time with immediate effect
- Clear Information - We provide clear information about what each consent covers before requesting it
- No Penalty - Withdrawing consent does not affect the core functionality of your account (except for AI features)
Consent Records
- Audit Trail - We maintain records of when and how you provided consent
- Consent History - View your consent history and changes in your account settings
- Legal Basis Tracking - We clearly track which legal basis applies to each type of data processing
- Regular Reviews - We periodically review and may request renewed consent for continued processing
If you have questions about this privacy policy or our data practices, please contact us:
Questions about your privacy? We're committed to transparency. Contact us anytime and we'll be happy to explain how we protect your data.
Terms of Use
Last Updated: July 23, 2025
Version: 2.0.0
Welcome to Unboxd! These terms govern your use of our AI email assistant service. By using Unboxd, you agree to these terms and our Privacy Policy.
Acceptance of Terms
By accessing or using Unboxd ("Service"), you agree to be bound by these Terms of Use ("Terms"). If you disagree with any part of these terms, you may not access the Service.
Description of Service
Unboxd is an AI-powered email assistant that:
- Reads and processes your emails using artificial intelligence
- Extracts action items, insights, and important information
- Generates daily briefings and summaries
- Provides intelligent email filtering and organization
- Offers conversational AI assistance for email management
Account Registration
Eligibility
You must be at least 13 years old to use Unboxd. By creating an account, you represent that you meet this age requirement.
You agree to:
- Provide accurate and complete information
- Keep your account information up to date
- Maintain the security of your account credentials
- Accept responsibility for all activities under your account
Email Access and Processing
Gmail Integration and Permissions
By connecting your Gmail account, you grant Unboxd permission to:
- Read your emails and email metadata - to provide AI assistant services
- Create email drafts - AI-generated responses and emails that you review, edit, and manually send through Gmail
- Modify email properties - including marking emails as read, archiving, applying labels, and organizing your inbox
- Compose and manage drafts - to prepare AI-suggested responses for your review and manual sending
- Perform email organization actions - such as snoozing emails, applying labels, or changing read status
No Automatic Sending: Unboxd never automatically sends emails on your behalf. All email sending is performed by you through Gmail after reviewing AI-generated drafts.
AI Secretary Actions
You understand and agree that your AI secretary may:
- Automatically organize your emails - by applying labels, archiving processed emails, or marking them as read
- Create email drafts - AI-suggested responses based on your conversations with the assistant that you must manually review and send
- Modify email status - to reflect actions you've taken in the app (like completing action items)
- Perform bulk operations - simultaneously process multiple emails for cleanup and organization
No Email Sending: The AI secretary never automatically sends emails. All draft emails created by AI must be manually reviewed, edited if needed, and sent by you through Gmail.
Risk Acknowledgment: You acknowledge and accept that AI actions on your Gmail account may occasionally be incorrect or unintended, including but not limited to:
- Archiving important emails you wanted to keep in your inbox
- Marking unread emails as read before you review them
- Applying wrong labels or categories to emails
- Misinterpreting instructions about email organization
- Taking actions on emails you didn't intend to modify
- Creating draft responses that don't accurately reflect your intended message
User Responsibility: You agree to monitor AI organizational actions, review all AI-generated drafts before sending, and use available undo features to correct mistakes. You assume full responsibility for any emails you choose to send after reviewing AI-generated drafts.
AI Processing
You understand and agree that:
- Your emails will be processed by AI models - using OpenAI and Anthropic services
- Processing is subject to your privacy controls - private emails and keywords are never processed
- AI processing may not be 100% accurate - you should review AI suggestions before taking action
- You retain full control - over AI access to your emails and can disable processing anytime
- All actions are reversible - we provide undo functionality and action history
User Responsibilities
Acceptable Use
You agree not to:
- Use the Service for illegal or unauthorized purposes
- Violate any applicable laws or regulations
- Attempt to interfere with or disrupt the Service
- Access other users' accounts or data
- Reverse engineer or attempt to extract source code
- Use the Service to transmit harmful content
Content Responsibility
You are responsible for:
- All content in your emails and messages
- Ensuring you have rights to any content you share
- Complying with applicable laws regarding your email content
- Managing your privacy settings appropriately
Privacy and Data Protection
Zero Access Architecture
Unboxd implements Zero Access Architecture, meaning:
- Your emails are encrypted with your unique key
- Even our team cannot read your emails
- You control what data is processed by AI
- You can block specific emails from AI processing
Privacy Controls
You have the right to:
- Set private email addresses and keywords
- Configure data retention preferences
- Export all your data
- Delete your account and data at any time
AI and Machine Learning
AI Accuracy & Limitations
You understand and acknowledge that:
- AI-generated content may contain errors or inaccuracies - including misinterpretations, missed information, or incorrect categorizations
- AI hallucinations may occur - AI may generate responses or extract information that wasn't actually in your emails
- Context limitations exist - AI may not fully understand complex situations, sarcasm, cultural nuances, or implied meanings
- AI responses should always be reviewed before taking any action, especially for important communications
- Unboxd is not responsible for decisions made based on AI output - you assume full responsibility for verifying and acting on AI suggestions
- AI capabilities may improve or change over time - but accuracy is never guaranteed
- No warranty of fitness - AI suggestions may not be suitable for your specific needs or circumstances
Learning and Personalization
The Service may learn from your usage patterns to:
- Improve personalization and accuracy
- Adapt to your preferences and communication style
- Provide better email filtering and organization
Subscription and Billing
Service Tiers
Unboxd may offer different service tiers with varying features and limitations.
Payment Terms
If you purchase a paid subscription:
- Charges are billed in advance
- Subscriptions automatically renew unless cancelled
- You may cancel at any time
- Refunds may be available as outlined in our refund policy
Intellectual Property
Unboxd's Rights
Unboxd retains all rights to:
- The Service and its underlying technology
- Trademarks, logos, and branding
- Software, algorithms, and AI models
- Service improvements and innovations
Your Rights
You retain all rights to:
- Your email content and personal data
- Any original content you create
- Your account and usage preferences
Service Availability
Uptime
While we strive for high availability, we cannot guarantee:
- 100% uptime or uninterrupted service
- Immunity from technical issues or maintenance
- Availability during force majeure events
Maintenance
We may perform maintenance that temporarily affects service availability. We will provide reasonable notice when possible.
Disclaimers and Limitations
Service Disclaimers
The Service is provided "as is" without warranties of any kind. We disclaim all warranties, express or implied, including:
- Merchantability and fitness for a particular purpose
- Accuracy or completeness of AI-generated content
- Compatibility with all devices or email systems
Limitation of Liability
To the maximum extent permitted by law, Unboxd shall not be liable for:
- Indirect, incidental, or consequential damages
- Lost profits, data, or opportunities
- Damages arising from AI errors or inaccuracies
- Third-party actions or service interruptions
Termination
Termination by You
You may terminate your account at any time by:
- Using the account deletion feature in the app
- Contacting our support team
- Following the cancellation process for paid subscriptions
Termination by Unboxd
We may terminate or suspend your account if you:
- Violate these Terms of Use
- Engage in prohibited activities
- Fail to pay subscription fees
- Cause harm to the Service or other users
Changes to Terms
We may update these Terms from time to time. We will notify you of material changes by:
- Posting updated Terms on our website
- Sending email notifications
- Providing in-app notifications
Continued use of the Service after changes constitutes acceptance of the updated Terms.
Governing Law
These Terms are governed by and construed in accordance with the laws of the State of Delaware, United States, without regard to conflict of law principles.
Dispute Resolution
Any disputes arising from these Terms or the Service will be resolved through:
- Good faith negotiations
- Binding arbitration if negotiations fail
- Applicable courts in Delaware, United States for non-arbitrable claims
Severability
If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions will continue in full force and effect.
For questions about these Terms, please contact us:
Questions about these terms? We're here to help. Contact us for any clarifications.