Privacy Policy

Effective date: February 26, 2026

InboxRouter helps you route Gmail attachments into Google Drive folders based on the rules you configure. This policy explains what data we access, how we use it, how long we keep it, and how you can request deletion.

InboxRouter's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

1. Data Accessed

InboxRouter requests Google OAuth scopes only as needed to run your configured routing rules:

  • Gmail read access (`gmail.readonly`) to read inbox messages and attachments for matching rules.
  • Google Drive access (`drive`) to create/select folders and upload matching attachments to destinations you configure.
  • Account email (`userinfo.email`) to identify the connected Google account.

Depending on your rules, InboxRouter may access message metadata (sender, subject, date, message ID), message body text (for body-based matching), attachment metadata (filename, MIME type, attachment ID), and attachment file bytes for transfer to Drive.

2. Data Usage

  • Authenticate your account and maintain Gmail/Drive connections.
  • Evaluate your routing rules and detect matching messages and attachments.
  • Upload matching attachments to the Google Drive location you choose.
  • Maintain sync state, activity counters, and routing logs for reliability and troubleshooting.
  • Operate billing (for paid plans) and product analytics.

3. Data Sharing

InboxRouter does not sell your personal data and does not use Google user data for advertising. We share data only as required to operate the service:

  • Google APIs to read Gmail data and write files to your Google Drive based on your instructions.
  • Infrastructure providers to host application databases and runtime systems.
  • PostHog for product analytics and operational events.
  • Stripe for subscriptions and payment operations when you use paid plans.
  • Legal disclosures when required by law, regulation, or valid legal process.

4. Data Storage & Protection

  • InboxRouter stores account records, OAuth tokens, routing rules, and sync logs in managed PostgreSQL infrastructure.
  • Attachment file bytes are processed to complete routing and are not stored as files by InboxRouter after the transfer operation completes.
  • We apply technical and organizational safeguards such as access controls and encrypted transport (HTTPS/TLS).

5. Data Retention & Deletion

  • Account data, connected account tokens, rules, and sync logs are retained while your InboxRouter account is active.
  • InboxRouter does not keep a long-term archive of email bodies or attachment file content in its own database.
  • You can revoke Google access at any time from your Google account permissions page.
  • You can request deletion of your InboxRouter data by emailing contact@inboxrouter.io. We generally process deletion requests within 30 days.

6. Your Choices

  • Revoke Gmail or Google Drive access from your Google account permissions settings.
  • Delete routing rules you no longer want to run.
  • Contact us to request access, correction, or deletion support.

7. Policy Updates

We may update this policy as InboxRouter evolves. Material updates will be posted on this page with a revised effective date.

8. Contact

For privacy questions or deletion requests, email contact@inboxrouter.io.

Back to homepage