Prunebox

Privacy Policy

Your privacy is our priority. Last updated: 4/20/2026

Google API Limited Use Disclosure

The use of information received from Gmail APIs will adhere to Google's User Data Policy, including the Limited Use requirements.

Data We Collect

We only collect the minimum data necessary to provide our email group management service:

  • Email headers: Subject, sender, date, and List-Unsubscribe headers
  • Sender patterns: Email addresses and domains to identify email groups
  • Account information: Your name and email address from Google OAuth

We do NOT store: Email body content, attachments, or message content. We only scan headers to identify subscriptions.

How We Use Your Data

Your data is used only to provide the email group management service:

  • Scan your inbox to identify email subscriptions and groups
  • Display email groups in your dashboard
  • Execute bulk deletion or unsubscription requests you initiate
  • Send optional digest emails about your email groups

Google Limited Use Compliance

Prunebox complies with Google's Limited Use requirements for Gmail API data:

  • No data selling: We never sell, rent, or share your data with third parties
  • No advertising: We do not use your data for advertising purposes
  • No AI training: We do not use your data to train non-personalized AI/ML models
  • User control: You can export or delete all your data at any time from Settings

Data Deletion

You have the right to delete all your data at any time:

  • Go to Settings → Privacy → Delete Account
  • This permanently removes all your data from our servers
  • Gmail access is also revoked via Google OAuth

Data Storage & Security

  • Storage location: Data is stored in secure PostgreSQL databases
  • Encryption: All data is encrypted at rest and in transit
  • Retention: Data is retained until you delete your account
  • Access: Only you can access your data via authenticated sessions

Third Parties

We do not sell, rent, or share your data with third parties. The only third-party services we use are:

  • Google OAuth: For authentication and Gmail API access
  • Vercel/PostgreSQL: For hosting and database infrastructure

Important: We do not use any analytics, tracking, or advertising services.

GDPR Rights (EU Users)

If you are located in the EU, you have the following rights under GDPR:

  • Right to access: Request a copy of your data
  • Right to rectification: Correct inaccurate data
  • Right to erasure: Delete all your data
  • Right to data portability: Export your data
  • Right to object: Object to data processing

To exercise these rights, please contact us or use the Delete Account feature in Settings.

Contact Us

If you have questions about this privacy policy or how we handle your data, please contact us.

For GDPR inquiries, we will respond within 30 days as required by law.