Early access

Bring PureBox to your AI assistant.

Soon you'll be able to link PureBox to assistants like ChatGPT and Claude, so they can answer questions about your inbox cleanup on your behalf - without ever seeing your email or your Google login. Here's how it works, and how we keep it safe.

What's live today

We're building this in the open.

Live now

You can already view and unlink assistant connections from Account > Assistant access. The secure foundation - the connection endpoint and its private, read-only design - is built and in place.

Coming soon

The one-tap "link ChatGPT to PureBox" flow isn't open to everyone yet. We're finishing the secure sign-in piece before we turn it on. Want to be first? Tell us below.

The idea

Ask your assistant about your inbox, not the other way around.

You link PureBox once from inside your assistant. After that, the assistant can ask PureBox simple, read-only questions - like whether your Gmail is still connected - and explain what to do next if something needs your attention. You stay in PureBox for anything that actually changes your inbox.

Safe by design

The same control you already trust, extended carefully.

Read-only, always

In this first release an assistant can only check your cleanup status. It can't move, archive, delete, or read your email - there are no write actions and no email content.

Your login is never shared

Assistants never see your Gmail tokens, your Google password, or any secret. PureBox keeps your Google connection to itself - the assistant only ever talks to PureBox.

You can unlink anytime

See every linked assistant and remove it in one tap from Account > Assistant access. Unlinking takes effect immediately.

No email content leaves PureBox

The assistant receives only non-secret status - never your subjects, senders, previews, or message bodies.

How you'll use it

Three steps, and you stay in control of every one.

Link from your assistant

Start the connection from inside ChatGPT or Claude and sign in to your existing PureBox account. You approve the link - PureBox never reaches into your assistant on its own.

Ask read-only questions

Your assistant can check things like whether PureBox is still connected to your Gmail, and tell you plainly if anything needs a fix.

Act in PureBox

When something needs doing - like reconnecting Gmail - the assistant hands you a safe link straight into PureBox. The change happens where you can see and reverse it.

Assistant access follows the same rules as the rest of PureBox: review-first, reversible, and private.

See how we handle your data

Want assistant access first?

We'll email you the moment linking ChatGPT and Claude is ready for your account. No spam, just the one heads-up.

Notify me when it's ready

For developers and integrators

PureBox speaks the Model Context Protocol.

PureBox exposes a secure, read-only MCP surface so assistant platforms can integrate. It's default-closed today: until the managed authorization server and client allowlist are configured in production, the endpoint rejects every call.

Transport: A single JSON-RPC endpoint over Streamable HTTP at POST /mcp. Standard MCP initialize, tools/list, and tools/call methods apply.
Authorization: OAuth 2.0 with resource-bound access tokens. Discover the protected resource at GET /.well-known/oauth-protected-resource; unauthorized calls return 401/403 with a WWW-Authenticate challenge. Tokens are scoped to the MCP resource and never carry Gmail OAuth scopes.
Supported providers: ChatGPT and Claude are the allowlisted clients in v1. Other platforms are out of scope for this release.
v1 tool: get_purebox_connection_status: One read-only tool, no input. It returns whether an assistant is linked, the linked provider, granted MCP scopes (never Gmail scopes), and the non-secret PureBox-to-Gmail connection state: none, connected, expired, or revoked. No write actions, no email content, no scanning in v1.
The outcome envelope: Every tool result conforms to a shared shape: { outcome, data?, issue? }. outcome is one of ok, needs_user_action, blocked, or transient. Any non-ok result carries an issue with a machine code, a human title and detail, an imperative remediation string, and a cold-start-safe, token-free action_url (carrying ?source=assistant) the user can open to self-resolve.
Two layers, never crossed: Assistant-to-PureBox auth failures stay at the transport layer (401/403 + WWW-Authenticate). PureBox-to-Gmail state is reported only as non-secret data or a needs_user_action envelope inside a 200 - so a Gmail problem can never trigger an assistant re-link loop.
Connection management: Users list and revoke their own links from Account > Assistant access, backed by GET /v1/mcp/connections and POST /v1/mcp/connections/:id/revoke. Connection records expose only non-secret consent and audit metadata - never tokens or token hashes.

Status: foundation built, live connect flow not yet enabled. Two production config items remain open (the canonical MCP endpoint URL and the ChatGPT/Claude client allowlist). Integrators: contact us to coordinate early access.