We want to be as transparent as possible with your data. If anything isn't crystal clear, please contact us.

This policy was last updated on 2nd September, 2019. We will announce any changes, and you can always alter your consent (see below).

Keeping Your Data Safe

Please see our Security Practices

What We Store on our Servers

We only store what cannot be easily stored in Gmail itself:

Handling your Gmail data in ActiveInbox (browser addon)

Most data, except email addresses and email IDs, is transferred directly between your computer and Gmail's server.

Gmail Data OAuth Scope Why Used Who Can Access Transit Path Storage Location
Email Meta (id, subject, to/from, date, labels); All Labels auth/gmail.modify and (latter being phased out) Renders task list, shows controls for a specific email, allows add/removal label to email Only User (ActiveInbox Client) Between Gmail server and user local client Cache of Gmail label/message data stored in browser's local storage.
Email body and attachments Theoretically made available by auth/gmail.modify Not used (but have to request OAuth Scope permission that includes it, to be able to add/remove labels to emails) Nobody Not transited Not stored outside Gmail server
Email IDs auth/gmail.modify Attach ActiveInbox Notes and Sub Tasks to your Gmail emails, using their Gmail ID. Theoretically, as its on our server, then developers have access, but are prohibited by contract. Also we don't believe the IDs are maliciously useable (so not sensitive). Email IDs move from local client to the ActiveInbox server when Notes and Sub Tasks are saved. Email IDs stored in ActiveInbox server database

Data Security

We use SSL (https) everywhere, for secure data exchange between your machine and our server.

The data in the database is encrypted to the outside world, and is protected within the Amazon Web Service's ecosystem. Our development employees have access to the data, but are only allowed to temporarily access it with your explicit consent (e.g. to fix a problem).


When you sign up for ActiveInbox, we ask for consent to access your Gmail data (as described above), and to receive emails from us.

We may ask for heightened data scopes at the point a feature needs it. (E.g. the first time you use Send Later, or the GCal integration).

At any time, you can request to know all the information we hold about you, and request it be deleted, or alter your consent from that point forward. (By contacting support, or using any account management tools we provide).

If you no longer want to use ActiveInbox, you can log into your Google Account, and revoke any data permissions you gave ActiveInbox.

You can unsubscribe from our emails at any time.

3rd Party Services Utilised

These services help us deliver ActiveInbox. If you have any reason to distrust them, please contact us.