Legal
Privacy Policy
Last updated: May 20, 2026
In Short
We only collect what's necessary to provide the service. We never sell your data. Your emails are encrypted with AES-256 military-grade encryption.
01
Information We Collect
When you create an account and use AutoInbox, we collect:
- Account Information: Your name, email address, and password (hashed using bcrypt with 12 salt rounds).
- Email Credentials: Your Gmail address and App Password, encrypted using AES-256-GCM encryption. We never store your actual Google password.
- Email Content: Incoming email metadata (sender, subject, body) for AI processing. This data is stored locally in our encrypted database.
- Voice Samples: Text samples you voluntarily provide to train your AI clone's writing style.
- Usage Data: Basic analytics like message counts and feature usage.
02
How We Use Your Information
Your information is used exclusively to:
- Provide AI-powered auto-reply drafts that match your writing style.
- Monitor your inbox for incoming messages (only when you enable this feature).
- Send approved replies on your behalf through your own email account.
- Improve the accuracy of your AI clone over time.
03
Data Security
We take security seriously:
- Encryption: All email credentials are encrypted with AES-256-GCM, the same standard used by banks and military systems.
- Password Hashing: Account passwords are hashed using bcrypt (12 rounds). We cannot read your password.
- HTTPS: All data in transit is encrypted via TLS/SSL.
- Security Headers: We use Helmet.js to set strict HTTP security headers.
- Rate Limiting: API endpoints are rate-limited to prevent abuse.
04
Third-Party Services
We use the following third-party services:
- Google Gemini AI: To generate email reply drafts. Email content is sent to Google's API for processing. See Google AI Terms.
- PayMongo: For payment processing. We never store your payment card details. See PayMongo Privacy Policy.
- Render: For hosting. See Render Privacy Policy.
05
Data Retention
We retain your data for as long as your account is active. You can delete your account at any time by disconnecting your email and contacting us. Upon deletion, all your data (messages, drafts, voice samples, and credentials) will be permanently removed.
06
Your Rights
You have the right to:
- Access your personal data stored in our system.
- Disconnect your email at any time from the Settings page.
- Delete your voice samples and AI profile.
- Request complete account deletion.
07
Contact
If you have questions about this privacy policy, contact us at:
Email: [email protected]