Privacy

We want to be as transparent as possible with your data. If anything isn't crystal clear, please contact us.

This policy was last updated on 1st April, 2019. We will announce any changes, and you can always alter your consent (see below).

Keeping Your Data Safe

Please see our Security Practices

What We Store on our Servers

We only store what cannot be easily stored in Gmail itself:

Handling your Gmail data in ActiveInbox (browser addon)

Most data, except email addresses and email IDs, is transferred directly between your computer and Gmail's server.

Gmail Data OAuth Scope Why Used Who Can Access Transit Path Storage Location
Email Meta (id, subject, to/from, date, labels); All Labels auth/gmail.modify and mail.google.com (latter being phased out) Renders task list, shows controls for a specific email, allows add/removal label to email Only User (ActiveInbox Client) Between Gmail server and user client Cache of data stored in browser's local storage
Email body and attachments Theoretically made available by auth/gmail.modify Not used (but have to request OAuth Scope permission that includes it, to be able to add/remove labels to emails) Nobody Not transited Not stored outside Gmail server
Email IDs auth/gmail.send Allows our server to send emails 24/7 (send later) ActiveInbox Server code (developers have theoretical access, but prohibited by contract) Email IDs move from Gmail server to user client to ActiveInbox Server back to Gmail server Email IDs stored in ActiveInbox server database

Data Security

We use SSL (https) everywhere, for secure data exchange between your machine and our server.

The data in the database is encrypted to the outside world, and is protected within the Amazon Web Service's ecosystem. Our development employees have access to the data, but are only allowed to temporarily access it with your explicit consent (e.g. to fix a problem).

Consenting

When you sign up for ActiveInbox, we ask for consent to access your Gmail data (as described above), and to receive emails from us.

We may ask for heightened data scopes at the point a feature needs it. (E.g. the first time you use Send Later, or the GCal integration).

At any time, you can request to know all the information we hold about you, and request it be deleted, or alter your consent from that point forward. (By contacting support, or using any account management tools we provide).

If you no longer want to use ActiveInbox, you can log into your Google Account, and revoke any data permissions you gave ActiveInbox.

You can unsubscribe from our emails at any time.

3rd Party Services Utilised

These services help us deliver ActiveInbox. If you have any reason to distrust them, please contact us.