Privacy Policy

1. Introduction

Welcome to Calma Inbox ("we," "our," or "the Service"). We are committed to protecting your privacy and being transparent about how we collect, use, and protect your information. This Privacy Policy explains how we handle your data when you use our newsletter reader service for Gmail.

2. Information We Collect

2.1 Information You Provide

• Google Account Information: When you connect your Gmail account, we receive your email address and basic profile information (name, profile picture) from Google.
• Gmail Data: We access your Gmail messages to identify and display newsletters. This includes message content, sender information, subject lines, and metadata.

2.2 Automatically Collected Information

• Authentication Tokens: We store encrypted OAuth refresh tokens to maintain your connection to Gmail.
• Usage Data: We collect information about which newsletters you read and when, to provide the Service.
• Technical Data: Server logs may include IP addresses, browser types, and request timestamps for security and debugging purposes.

3. How We Use Your Information

We use your information solely to provide and improve the Service:

• Display Newsletters: Access your Gmail to identify, organize, and display newsletters in a readable format.
• Manage Labels: Create and manage Gmail labels to organize your newsletters.
• Sync Updates: Monitor your Gmail for new newsletters and keep the inbox up to date.
• Maintain Security: Authenticate your identity and protect against unauthorized access.
• Improve Service: Analyze usage patterns to fix bugs and improve functionality.

We do not:

• Sell your data to third parties
• Use your data for advertising purposes
• Share your Gmail content with anyone
• Read emails outside of the newsletters context

4. Data Storage and Security

4.1 How We Store Your Data

• OAuth Tokens: Refresh tokens are encrypted using AES-256-GCM encryption before storage.
• Database: User information is stored in a secure database with industry-standard protections.
• Encryption in Transit: All data transmitted between your browser and our servers uses HTTPS/TLS encryption.

4.2 Security Measures

• Session-based authentication with secure, HTTP-only cookies
• Rate limiting to prevent abuse
• Security headers (HSTS, CSP, X-Frame-Options)
• Regular security updates and monitoring

4.3 Data Retention

We retain your data only as long as your account is active or as needed to provide the Service. When you revoke access or delete your account, we delete your OAuth tokens and personal information within 30 days.

5. Third-Party Services

5.1 Google APIs

Our Service uses Google APIs to access your Gmail data. Your use of Gmail through our Service is also subject to Google's Privacy Policy.

5.2 Google's Limited Use Requirements

Calma Inbox's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We only use your Gmail data to provide the newsletter reading functionality and do not transfer it to third parties except as necessary to provide the Service.

6. Your Rights and Choices

You have the following rights regarding your data:

• Access: You can access your newsletter data through the Service interface.
• Revoke Access: You can revoke our access to your Gmail at any time through your Google Account permissions page or by logging out of Calma Inbox.
• Data Deletion: Revoking access will trigger deletion of your OAuth tokens. You can request complete data deletion by contacting us.
• Export: Your newsletters remain in your Gmail account and can be accessed directly through Gmail at any time.

7. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using the Service, you consent to such transfers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by updating the "Last Updated" date at the top of this policy. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@calma-inbox.com
(Or through your preferred contact method)

11. Gmail API Disclosure

Scope of Access: Calma Inbox requests the following Gmail permissions:

• gmail.readonly: To read your newsletter messages
• gmail.modify: To mark newsletters as read and manage labels
• gmail.labels: To create and manage the "Newsletters" label
• gmail.settings.basic: To create filters for automatic newsletter organization

Data Usage Limitation: We only access messages labeled or identified as newsletters. We do not read, store, or process your personal emails, work correspondence, or other non-newsletter content.