Privacy Policy (Beta)

What Inboard connects to

Inboard connects to your email provider using industry-standard OAuth. Supported providers:

• Microsoft 365 / Outlook — you sign in with Microsoft and choose what access to grant.
• Gmail / Google Workspace — you sign in with Google and choose what access to grant (read-only).

You can connect one mailbox at a time per provider.

What we read from your mailbox

We read mailbox data only to operate the product: identifying tasks, reminders, follow-ups, and inbox risk signals that power your dashboard, notifications, and daily recap. We do not use your mailbox data for advertising or unrelated profiling.

What we store

We minimize stored data. We do not intentionally persist full email bodies as part of the normal product flow. Email body content may be processed temporarily in memory for analysis but is not written to our database.

We do store derived and operational information, including: thread metadata and state, AI-generated task summaries, follow-up status, participant metadata (hashed email addresses, display names), sync state, and metadata related to delivering your daily recap.

Depending on configuration, stored fields may be encrypted at rest using AES-256-GCM.

AI processing

Inboard uses OpenAI to help classify threads, generate task summaries, and assess follow-up urgency. Redacted metadata and limited message content may be sent to OpenAI for analysis during sync. OpenAI processes this data under their API data usage policy and does not use it to train models.

AI outputs may be inaccurate. Inboard may miss important emails, misclassify threads, or generate incorrect summaries. You remain responsible for reviewing your inbox and any actions you take based on AI-generated content.

OAuth tokens

When you connect a mailbox, Inboard stores OAuth tokens (access and refresh tokens) to maintain your connection. These tokens are encrypted at rest using AES-256-GCM. Disconnecting your mailbox deletes these tokens and permanently removes synced Inboard data for that mailbox.

Your choices

You can disconnect your mailbox at any time from your profile. This removes stored OAuth tokens, stops syncing, and permanently deletes synced Inboard data for that mailbox (threads, tasks, summaries, and sync history). Your Inboard account and billing remain active.

You can delete your Inboard account from profile settings. This removes all mailbox data, your profile, and sign-in access. Minimal legal acceptance and billing compliance records may be retained as described in our Privacy Policy.

Data retention

We retain mailbox-derived data while your account is active and your mailbox is connected. Disconnecting your mailbox permanently deletes synced Inboard data for that mailbox and stops new syncing. We may run automated retention cleanup on older operational records (sync logs, status snapshots) when enabled.

Payments

If you subscribe to a paid plan, payments are processed by Stripe. We do not store your credit card details. Stripe handles payment information under their own privacy policy. We store your Stripe customer ID and subscription status to manage your account. See our Billing & Refund Policy for more details.

Cookies and analytics

We use session cookies to keep you signed in (managed by Supabase Auth). We use Google Analytics to understand how the site is used. See our Cookie Policy for details.

Service providers

Inboard relies on the following third-party services to operate:

• Microsoft — mailbox API access (Microsoft Graph)
• Google — mailbox API access (Gmail API)
• OpenAI — AI-assisted thread classification and summarization
• Supabase — database, authentication, and backend infrastructure
• Railway — backend API hosting
• Vercel — frontend hosting and CDN
• Stripe — payment processing
• MailerSend — transactional email delivery (daily recap)
• Google Analytics — website usage analytics

Each processes data only as needed to provide their part of the service.

Data sales

We do not sell your personal information.

Security

We take reasonable steps to protect data, including encryption at rest for OAuth tokens and sensitive fields, row-level security on database tables, and access controls on internal endpoints. No online service can guarantee perfect security. This beta is still evolving; use it with that in mind for sensitive matters.

Beta disclaimer

Inboard is a beta product. Features, data handling practices, and this policy may change as the product evolves. Service interruptions may occur. We will update this page when material changes are made.

Contact

Questions about privacy: hello@useinboard.com