Privacy Policy

Effective: April 2, 2026  |  Last updated: April 2, 2026

Inbox Axe ("the Service") is operated by ZagAIrot Technologies LLC, based in Rancho Santa Margarita, California. We take your privacy seriously. This policy explains what data we access, how we use it, and what we do not do.

1. What Data We Access

When you connect your Gmail account via Google OAuth, Inbox Axe requests read-only access to your email metadata. This includes:

• Sender address (From field)
• Subject line
• Date and time received
• Message snippet (first ~100 characters)
• Message ID and labels

2. What We Do NOT Access or Store

• We do not read or store the full body content of your emails.
• We do not access attachments.
• We do not store your Gmail password — authentication is handled entirely by Google OAuth.
• We do not send emails on your behalf.
• We do not share, sell, or transfer your data to any third party.

3. How Gmail Access Is Used

Inbox Axe uses read-only Gmail access to:

• Scan your inbox metadata to classify emails as junk, important, or leads.
• Archive emails you explicitly mark as junk (requires your confirmation).
• Generate a daily briefing summarizing what matters in your inbox.

All classification happens in real time. Email metadata is processed in memory and is not persisted beyond the active session unless you explicitly save a lead or sender preference.

4. Data We Store

• Account data: Your email address, OAuth tokens (encrypted), and session tokens.
• Preferences: Your junk sender list, VIP sender list, and saved leads.
• Scan history: Aggregate counts (number of emails scanned, archived) — not email content.

All data is stored on secured infrastructure. OAuth tokens are used solely to authenticate with Google's API on your behalf.

5. Data Retention

You may delete your account and all associated data at any time by contacting us. Upon account deletion, all stored data — including OAuth tokens, preferences, and history — is permanently removed within 30 days.

6. Third-Party Services

• Google OAuth: Used for authentication. Subject to Google's Privacy Policy.
• Stripe: Used for payment processing. Subject to Stripe's Privacy Policy. We do not store your credit card information.

7. Security

We use industry-standard practices to protect your data, including encrypted connections (TLS), secure token storage, and access controls. No system is 100% secure, but we are committed to protecting your information.

8. Children's Privacy

Inbox Axe is not intended for use by anyone under 13 years of age. We do not knowingly collect data from children.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the Service or by email. Continued use of the Service after changes constitutes acceptance.

10. Contact

For privacy questions, data deletion requests, or concerns:

• Email: privacy@zagairot.com
• ZagAIrot Technologies LLC, Rancho Santa Margarita, CA