Privacy Policy

Last updated: March 6, 2026

1. Introduction

Smart Mailbox Cleaner ("we," "our," or "us") operates smartmailboxcleaner.com (the "Service"). This Privacy Policy explains how we collect, use, and protect your information.

By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Google Account Information

When you sign in with Google, we receive:

  • Your name and email address
  • Your Google profile picture
  • A unique Google user ID

2.2 Gmail Metadata - NOT Email Content

We never read, store, or process the body or content of your emails. We access only Gmail message metadata:

  • Message size (in bytes)
  • Message date and Gmail labels (e.g. "Promotions," "Social")
  • Whether a message has an attachment (not the attachment content)
  • Thread ID (to detect reply chains)

This metadata is processed in memory during a scan and never stored permanently on our servers.

2.3 Storage Usage

We access Google storage quota metadata (total and used) via drive.metadata.readonly to display storage usage and cleanup impact in the dashboard.

2.4 Cleanup Action Records

When you run a cleanup, we store: category of emails cleaned, count, bytes freed, and Gmail message IDs (to enable 30-day undo). Message IDs are deleted 30 days after the undo window closes.

3. How We Use Your Information

  • Provide and operate the Service
  • Identify large, old, or low-value emails in your Gmail account
  • Execute cleanup actions (move to Trash) at your request
  • Enable undo functionality within 30 days of a cleanup
  • Send transactional emails (welcome, cleanup receipts, quota alerts)
  • Process payments for paid plans
  • Improve reliability and performance of the Service

We do not use your Gmail data for advertising, profiling, or any purpose other than operating the Service.

4. Google API Scopes

Smart Mailbox Cleaner requests the following Google OAuth scopes:

gmail.readonly

Read message metadata (size, labels, dates). Used to scan and categorise emails. We never read email body content.

gmail.modify

Move messages to Trash and restore them. Used for cleanup and undo actions. No permanent deletion.

drive.metadata.readonly

Read Google storage quota metadata (total/used bytes) to show storage usage and estimated cleanup impact. No Drive file content is accessed.

Our use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not transfer your Google user data to third parties except as necessary to provide the Service, and we do not use it to serve advertisements.

Google User Data

Smart Mailbox Cleaner's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

The application only accesses Gmail data required to provide its functionality.

Google user data is never:

  • sold
  • shared with advertisers
  • used for AI/ML model training

Email content is not permanently stored by the application.

5. Third-Party Services

  • Supabase - Database hosting. Data encrypted at rest. Privacy Policy
  • Render - Backend server hosting. Privacy Policy
  • Cloudflare - Frontend hosting and CDN. Privacy Policy
  • Razorpay - Payment processing for paid plans. We do not store card details. Privacy Policy
  • Resend - Transactional email delivery. Privacy Policy
  • Sentry - Error monitoring. Email content and tokens are scrubbed before any data is sent. Privacy Policy

6. Data Retention

  • Gmail metadata: Processed in memory, never written to persistent storage.
  • Scan results: Retained for 90 days after scan completion, then auto-deleted.
  • Cleanup action records: Message IDs deleted 30 days after undo window closes. Summary records kept for history.
  • Account information: Retained until you delete your account.
  • Payment records: Retained 7 years as required by Indian tax law (paid users).

7. Data Security

  • OAuth tokens encrypted with AES-256 before storage
  • All data in transit encrypted using TLS 1.2+
  • Database access restricted via allowlisted IPs
  • Email content, subjects, and sender/recipient data are never logged or stored

8. Your Rights

  • Access: Request a copy of your personal data.
  • Deletion: Delete your account from dashboard settings or by emailing us.
  • Revoke Google access: Via Google Account Permissions at any time.
  • Data portability: Request an export of your data.

To exercise rights, please use our Contact Form. We respond within 30 days.

9. Children's Privacy

The Service is not directed to children under 13. We do not knowingly collect information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy and will notify you of significant changes by email or in-app notice. Continued use after changes constitutes acceptance.

11. Contact Us

Smart Mailbox Cleaner Contact Us: Support Form
Website: smartmailboxcleaner.com/home