← Back to Inbox Diary

Privacy Policy

Last updated: March 2026

Inbox Diary ("we", "our", or "the app") is committed to protecting your privacy. This policy explains what data we collect, how we use it, and your rights regarding your information.

1. What data we collect

We collect only the minimum data necessary to provide the service:

• Account information: your email address and encrypted password, used to create and manage your account.
• Gmail data: if you connect your Gmail account, we read emails from school addresses you specify (or school-related emails identified by keyword) to extract event information such as dates, times, and locations. We do not store the full content of your emails — only the extracted event details.
• Outlook data: if you connect your Outlook account, the same applies as Gmail above.
• Calendar data: we create events in your Google Calendar or Outlook Calendar on your behalf when school events are detected or manually added.
• Event data: the school events extracted from your emails (title, date, time, location, type) are stored in your personal account so you can view and manage them.
• School email addresses: email addresses you add in Settings to identify which emails come from your school.

2. How we use your data

Your data is used solely to provide the Inbox Diary service:

• Reading emails from your connected Gmail or Outlook account to identify school events
• Extracting dates, times, and event details using AI (Anthropic Claude)
• Creating calendar events with reminders in your Google or Outlook Calendar
• Displaying your upcoming school events within the app

We do not use your data for advertising, profiling, or any purpose other than providing the service you signed up for.

3. How we share your data

We do not sell your data. We share data only with the services required to operate the app:

• Anthropic (Claude API): email text is sent to Anthropic's API for event extraction. Anthropic's privacy policy applies to this processing. Email content is not stored by Anthropic beyond the duration of the API request.
• Supabase: your account data and extracted events are stored in a Supabase database. Supabase is a GDPR-compliant data platform.
• Google / Microsoft: OAuth tokens are used to read your emails and write to your calendar. We do not share your data with Google or Microsoft beyond the standard OAuth flow.

4. Data retention

Your account data and events are retained for as long as you have an active account. You can delete individual events at any time within the app. To delete your entire account and all associated data, contact us at the email address below.

5. Your rights

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Disconnect your Gmail or Outlook account at any time via Settings
• Revoke the app's access to your Google account at myaccount.google.com/permissions
• Revoke the app's access to your Microsoft account at account.microsoft.com/privacy/app-access

6. Security

OAuth tokens are stored securely and encrypted at rest. We use row-level security to ensure each user can only access their own data. Connections to all external services use HTTPS encryption.

7. Children's privacy

Inbox Diary is intended for use by parents and guardians. We do not knowingly collect data from children under 13.

8. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes by updating the date at the top of this page.

9. Contact

If you have questions about this privacy policy or wish to exercise your data rights, please contact us at:

[email protecte