Legal

Privacy Policy

Last updated: April 2026

InboxBuster is built by an independent developer. This policy explains what data is collected when you use the app, how it is used, and your rights over it. If anything is unclear, email adamhemmingsdev@gmail.com.

What data we collect

We collect the minimum data needed to provide the service:

  • Account data - your name, email address, and profile photo, provided when you sign in with Google or Microsoft. We do not store your password.
  • Email metadata - sender name, sender email, subject line, date, and email counts. This is fetched from your Gmail or Outlook account to power the inbox categorisation feature. Message bodies are never read or stored.
  • Payment data - payments are processed entirely by Stripe. We store only a reference to your Stripe account and your subscription status. We never see or store your card details.
  • Usage data - basic error and usage logs to keep the service running. No ad tracking, no behavioural profiling.

How we use your data

  • To sign you in and keep you logged in across devices
  • To display your inbox categorisation, sender counts, and cleaning history within the app
  • To process your payment and track whether your account is on the free or premium tier
  • To respond to support requests submitted via the in-app support form (available to subscribers only)

We do not sell your data. We do not use it for advertising. We do not share it with third parties except the services listed below, which are necessary to run the app.

Third-party services

The following services process data on our behalf. Each has its own privacy policy linked below.

Firebase (Google)Privacy policy
User authentication and database
Google OAuthPrivacy policy
Sign in with Google and Gmail access
Microsoft OAuthPrivacy policy
Sign in with Microsoft and Outlook access
StripePrivacy policy
Payment processing
VercelPrivacy policy
Hosting and server infrastructure

Data retention

  • Account and subscription data is retained for as long as your account exists.
  • Email metadata is not stored. It is fetched from your email provider on demand, processed in memory, and discarded. We do not store your emails.
  • If you delete your account, your data is removed from our systems within 30 days.

How we protect your data

  • All data transmitted between the app and our servers is encrypted in transit using HTTPS/TLS.
  • OAuth access tokens and refresh tokens are encrypted at rest before being stored in our database.
  • Email metadata (sender address, subject line, date) is stored in Firestore with strict server-side access controls — client applications have read-only access and cannot write directly to sensitive collections.
  • Only authenticated server-side processes can modify stored tokens or user data.

Your rights (GDPR)

If you are based in the UK or EU, you have the following rights over your personal data:

  • The right to access the data we hold about you
  • The right to correct inaccurate data
  • The right to request deletion of your data (right to erasure)
  • The right to withdraw consent at any time by deleting your account from the Account page in the app

To exercise any of these rights, email adamhemmingsdev@gmail.com. We will respond within 30 days.

Cookies

InboxBuster does not use advertising or tracking cookies. Firebase stores a sign-in cookie in your browser to keep you signed in. Vercel may set technical cookies to ensure the app loads reliably. No cookie consent banner is shown because no consent-required cookies are used.

Changes to this policy

If we make material changes to this policy, we will notify users by email before the changes take effect. The date at the top of this page reflects the most recent update.

Contact

InboxBuster is operated by Adam Hemmings. For any privacy-related questions, email adamhemmingsdev@gmail.com.