Security & Data Practices
How we protect your data and why you can trust ClearMyInbox with your email accounts.
We never store your emails
ClearMyInbox scans email headers and metadata to find unsubscribe links. Specifically, we look at the List-Unsubscribe header, the sender address, the subject line, and the date.
When a List-Unsubscribe header is not present, we parse the HTML body only to extract unsubscribe URLs. We do not analyse or store the actual content of your emails.
- Email content is processed in memory and immediately discarded.
- We never store email bodies in our database.
- We never train AI models on your email content.
- Only metadata (sender, subject, date, unsubscribe URL) is saved to show your scan results.
Your credentials are encrypted
We take credential security seriously at every layer:
- OAuth tokens (Gmail, Outlook, Yahoo) are encrypted and stored in Azure Key Vault, Microsoft's hardware-backed secrets management service.
- IMAP app passwords are encrypted with AES-256 before being stored in our database. They are never logged in application logs or error reports.
- Account passwords are hashed with bcrypt and never stored in plain text.
- All communication between your browser and our servers uses HTTPS with TLS 1.2 or higher. API calls to email providers also use encrypted connections.
We don't sell your data
ClearMyInbox is funded by subscriptions, not by advertising or data sales. Our business model is simple: you pay for the product, and we provide the service. That's it.
- We do not share your email data with third parties.
- We do not sell or transfer your data to advertisers, data brokers, or anyone else.
- We do not use your data to train AI models.
- We comply with the Google API Services User Data Policy, including the Limited Use requirements.
What OAuth scopes we request and why
We only request the minimum permissions needed to scan your inbox and help you unsubscribe. Here's exactly what each permission does:
Gmail
gmail.readonly- lets us read email headers and metadata to find unsubscribe links. We cannot modify or delete emails with this scope.gmail.modify(optional) - lets us move emails to Trash when you use the "delete emails" feature. Only requested if you choose to use email deletion.
Outlook / Hotmail
Mail.Read- lets us read email headers and metadata to find unsubscribe links.Mail.ReadWrite(optional) - lets us move emails to Trash when you use the email deletion feature.
Yahoo
mail-r- lets us read email headers and metadata to find unsubscribe links.
You're in control
You always have full control over your data and account:
- Revoke access anytime - disconnect any email account from your dashboard. You can also revoke our access directly from your Google, Microsoft, or Yahoo account settings.
- Delete your account and all data - when you delete your account, we permanently remove all your data including scan results, OAuth tokens, IMAP credentials, and subscription records.
- Data export on request - under GDPR, you have the right to request a copy of all personal data we hold about you. Email privacy@clearmyinbox.ai and we'll respond within 30 days.
Infrastructure
ClearMyInbox runs on enterprise-grade infrastructure:
- Azure EU West - our application and database are hosted in Microsoft Azure's West Europe data centre, subject to EU data protection regulations.
- Azure SQL with encryption at rest - all database data is encrypted at rest using Transparent Data Encryption (TDE).
- Azure Key Vault - secrets, OAuth tokens, and encryption keys are stored in Azure Key Vault, backed by hardware security modules (HSMs).
- Stripe PCI-DSS compliant - all payment processing is handled by Stripe, which is certified PCI-DSS Level 1, the highest level of payment security certification.