Privacy Policy

Last updated: March 2026

Who we are

CleanMyBox provides one-shot mailbox cleanup services. If you have questions, contact us at contact@cleanmybox.io.

Data we collect

  • Google or Microsoft account email address used to authenticate and identify your account.
  • Mailbox metadata required to perform cleanup actions (sender, subject, snippet, selected headers, and message identifiers).
  • Cleanup run reports (plan, status, timestamps, aggregated stats, and errors).
  • Payment metadata from Stripe (session IDs, payment status, selected plan).

How we use your data

  • Authenticate you with Google or Microsoft and secure access to your account.
  • Execute cleanup operations you explicitly request.
  • Display run history and cleanup reports in your dashboard.
  • Process billing and payment confirmation.
  • Operate, secure, and improve service reliability.

Third-party processors

We use trusted providers to deliver the service: Google APIs and Microsoft Graph (mail access), Stripe (payments), OpenAI (AI classification when CleanPlus is used), and PostgreSQL/Supabase (history storage).

How we share, transfer, or disclose Google user data

  • We do not sell Google user data.
  • We share Google user data only with service providers that are required to operate CleanMyBox on your behalf and only for the purposes described in this policy.
  • Google user data may be transferred to OpenAI only when you use the AI-assisted CleanPlus flow. In that case, the data sent is limited to the email subject, sender, snippet, and selected headers required to classify the message.
  • Google user data may be stored in PostgreSQL/Supabase only for cleanup history and account-related records that you expect to see in the product.
  • Stripe receives billing metadata only. We do not share Gmail message content with Stripe.
  • We may disclose Google user data if required by law, regulation, legal process, or to detect, prevent, or address fraud, abuse, security, or technical issues.
  • If CleanMyBox is involved in a merger, acquisition, or asset sale, data may be transferred as part of that transaction subject to this policy and applicable law.

Google API data commitments

  • We use Google user data only to provide or improve user-facing cleanup features that you explicitly request.
  • We do not use Google user data for advertising.
  • We do not use Google user data to train generalized AI or ML models.
  • You can revoke CleanMyBox access at any time from your Google account permissions settings.

Retention and deletion

We retain operational data only as needed to provide the service and history features. OAuth sessions are short-lived. You may request deletion of your stored history data by contacting contact@cleanmybox.io.

Your rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing of your personal data. Contact us to submit any request.

Security

We apply reasonable technical and organizational safeguards to protect your data. However, no system can guarantee absolute security.