1. Introduction
Welcome to Shared Mailbox ("we," "our," or "us"). We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our shared mailbox management application.
By using Shared Mailbox, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this privacy policy, please do not access or use our service.
2. Information We Collect
We collect information that you provide directly to us and information obtained through your connected accounts:
2.1 Account Information
- Email address
- Name and profile picture (from connected email accounts)
- Authentication tokens for connected email services
2.2 Email and Calendar Data
When you connect your Google account, we access:
Google API Scopes We Use
| Scope | Purpose |
|---|---|
| gmail.readonly | Read your email messages to display them in the shared inbox (read-only access) |
| calendar.readonly | Display your calendar events in the unified view (read-only access) |
| userinfo.email & userinfo.profile | Identify your account and display your profile |
3. How We Use Your Information
We use the collected information for the following purposes:
- Provide our service: Display and manage your emails and calendar events in a unified interface
- Team collaboration: Enable authorized team members to view and manage shared inboxes
- Notifications: Send you notifications about new emails and calendar events
- Authentication: Verify your identity and maintain secure sessions
- Improve our service: Analyze usage patterns to enhance functionality and user experience
4. Data Storage and Security
We implement robust security measures to protect your data:
- Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
- Token Security: OAuth tokens are stored securely in our encrypted database and refreshed automatically
- Access Control: Only authorized team members can access shared inboxes based on their assigned permissions
- Firebase Security: We use Google Firebase with security rules to ensure data isolation between organizations
- No Email Content Storage: We do not permanently store the content of your emails on our servers. Email content is fetched in real-time from your email provider.
5. Data Sharing and Disclosure
We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:
- Team Members: When you add team members to a shared inbox, they can view emails in that inbox according to their assigned permissions
- Service Providers: We use trusted third-party services (Google Firebase, Google Cloud) that assist in operating our service
- Legal Requirements: When required by law, subpoena, or government request
- Business Transfers: In connection with a merger, acquisition, or sale of assets
6. Your Rights and Choices
You have the following rights regarding your data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request correction of inaccurate personal data
- Deletion: Request deletion of your account and associated data
- Revoke Access: Disconnect your email accounts at any time through your account settings or directly through Google's security settings
- Data Export: Request an export of your data in a portable format
7. Data Retention
We retain your account information for as long as your account is active or as needed to provide you with our services. OAuth tokens are refreshed automatically and old tokens are deleted. If you delete your account, we will delete or anonymize your personal information within 30 days, except where we are legally required to retain certain information.
8. Children's Privacy
Our service is not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. We ensure that appropriate safeguards are in place to protect your information in accordance with this privacy policy and applicable laws.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.
11. Google API Services User Data Policy
Limited Use Disclosure
Shared Mailbox's use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
📧 Contact Us
If you have any questions about this Privacy Policy, please contact us at: