Privacy Policy
Last updated: January 2025
At Draftbox, we take your privacy seriously. This policy explains how we collect, use, and protect your information when you use our email automation service.
1. Information We Collect
Account Information
- Gmail Account: Your Gmail email address and OAuth authentication tokens to access your inbox
- Marketplace Name: The name of your marketplace for branding email responses
- Custom Configuration: Your AI agent prompts and knowledge base content that you provide
Email Data
- Email Content: We access unread emails in your monitored inbox to analyze customer inquiries
- Email Metadata: Sender information, subject lines, timestamps, and thread IDs
- Extracted Data: Customer names and issue details extracted from emails
Generated Content
- Draft Responses: AI-generated email drafts created by our service
- Processing Logs: Technical logs of email processing for troubleshooting and service improvement
2. How We Use Your Information
We use your information exclusively to provide our email automation service:
- Email Monitoring: To monitor your designated support inbox for new customer inquiries
- AI Processing: To analyze email content and generate appropriate draft responses using OpenAI's GPT models
- Draft Creation: To create Gmail drafts in your inbox for your team to review and send
- Service Improvement: To maintain, debug, and improve the quality of our service
- Data Minimization: We redact customer email addresses and formatted phone numbers before sending content to OpenAI
Important: We never sell, rent, or share your email data or customer information with third parties for marketing purposes.
3. Data Storage and Security
Local Storage
- Your account information and OAuth tokens are stored in a local SQLite database
- Database files are stored on our server infrastructure with appropriate access controls
Third-Party Services
- Google Gmail API: We use Gmail's official API to access your inbox. Gmail tokens are securely stored and automatically refreshed
- OpenAI API: Email content is sent to OpenAI's GPT-4 model to generate draft responses. Before transmission, we replace identifiable customer contact details (email addresses and formatted phone numbers) with neutral placeholders. OpenAI's data usage policies apply
Security Measures
- All data transmission uses HTTPS encryption
- OAuth tokens are stored securely and never exposed to the client
- Session management uses secure, HTTP-only cookies
- Regular security updates and monitoring
4. Data Retention
- Account Data: Retained while your account is active
- Email Content: We only process emails in real time and do not permanently store email content beyond processing logs
- Logs: Processing logs are retained for 90 days for troubleshooting purposes
5. Your Rights and Choices
You have the following rights regarding your data:
- Access: View your account information and settings in your dashboard
- Modification: Update your marketplace name, AI prompts, and knowledge base at any time
- Pause Service: Temporarily disable email monitoring without deleting your account
- Deletion: Disconnect your account at any time, which will remove your data from our system
- Revoke Access: Revoke Gmail access through your Google account settings
6. Google API Services User Data Policy
Draftbox's use of information received from Gmail APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
Specifically:
- We only access the Gmail data necessary for email automation
- We do not use Gmail data for serving advertisements
- We do not allow humans to read user data unless explicitly permitted or required for security purposes
7. Cookies and Tracking
We use essential cookies to:
- Maintain your login session
- Remember your authentication state
- Protect against CSRF attacks
We do not use tracking cookies or third-party analytics.
8. Children's Privacy
Our service is not intended for users under 18 years of age. We do not knowingly collect information from children.
9. International Data Transfers
Your data may be processed on servers located in different countries. By using our service, you consent to such transfers. We ensure appropriate safeguards are in place regardless of location.
10. Changes to This Policy
We may update this privacy policy from time to time. We will notify you of significant changes by updating the "Last updated" date at the top of this policy. Continued use of the service after changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this privacy policy or our data practices, please contact us through your account dashboard or by creating an issue on our GitHub repository.
Your Trust Matters: We are committed to being transparent about how we handle your data. If you have concerns or suggestions for improving our privacy practices, we want to hear from you.