InboxNuke – Privacy Policy

Effective Date: January 31, 2025
Company: InboxNuke
Contact: support@inboxnuke.com
Website: https://inboxnuke.com

1. Introduction

InboxNuke ("we," "our," or "us") is a web-based application that integrates with Google Gmail to help users block unwanted email senders at the domain level. This Privacy Policy explains how we collect, use, process, store, and protect personal information, including data accessed through Google APIs. InboxNuke complies with the Google API Services User Data Policy, including the Limited Use requirements.

2. Information We Collect

When you sign in using Google OAuth, we collect your email address, Google Account ID, and basic profile information. We access Gmail filter settings and labels only — we do not access, read, or store email messages, headers, attachments, or message content. We do not collect or store your Google password.

3. Google Gmail API Access (Filters + Label Only)

InboxNuke connects to a user's Gmail account solely to manage Gmail filters and a single Gmail label used by those filters. InboxNuke does not access, read, process, or store the contents of emails.

Scopes Requested

InboxNuke requests the following Gmail scopes:

  • gmail.settings.basic — to create and delete Gmail filters that the user configures in InboxNuke.
    Endpoints used: users.settings.filters.create, users.settings.filters.delete, users.settings.filters.list
  • gmail.labels — to create and manage one label (InboxNuke-Blocked) that Gmail filters apply automatically.
    Endpoints used: users.labels.create, users.labels.list

What InboxNuke Does NOT Do

  • Does not read email messages (no calls to users.messages.*)
  • Does not access email bodies, headers, attachments, or metadata
  • Does not store or transmit email content off Google's systems
  • Does not send emails on behalf of the user
  • Does not manage delegation, forwarding, or mailbox sharing

Gmail itself enforces the filters server-side for future incoming email. InboxNuke acts as a configuration tool for Gmail's built-in filtering and labeling features.

4. Data Stored by InboxNuke

InboxNuke stores only the minimum configuration required to operate:

  • Blocked domains selected by the user
  • The Gmail filter ID(s) created for those domains
  • The label ID for InboxNuke-Blocked
  • OAuth tokens (encrypted at rest) required to make the above settings changes

5. Data Storage & Security

We implement safeguards including:

  • HTTPS/TLS encryption for all data in transit
  • OAuth refresh tokens encrypted at rest
  • Access-restricted server environments
  • Role-based access controls
  • Multi-tenant data isolation (all queries scoped by user)

6. Data Retention

We retain user data only as long as necessary to provide the service. Upon account deletion, stored user data is permanently deleted and OAuth tokens are revoked.

7. Third-Party Service Providers

InboxNuke may use trusted infrastructure providers solely to operate the platform under confidentiality obligations. We do not permit third-party advertisers or data brokers access to any user data.

8. Compliance with Google API Services User Data Policy

InboxNuke adheres to the Google API Services User Data Policy, including Limited Use requirements. Gmail data is used only to provide user-facing features (filter and label management) and is not transferred except as necessary to operate the service. Gmail data is not sold, shared for advertising, or used to train AI models.

9. User Rights

You may revoke Gmail access at any time via https://myaccount.google.com/permissions or request account deletion by contacting support@inboxnuke.com.

10. Changes to This Policy

We may update this Privacy Policy periodically. Continued use of the service after updates constitutes acceptance of the revised policy.