Privacy & Security

Your inbox, on your terms.

PureBox is review-first by design. You see what it wants to do, and why, before anything happens - and every change lives in your real Gmail, where you can reverse it. Here's exactly how your data is handled.

What PureBox does

  • Reads and stores each message's sender, subject, and a short preview (about the first 100 characters) to classify and label it.
  • Looks at engagement patterns - which senders you open, reply to, archive, or let pile up.
  • Tailors suggestions to your own routine, from your existing Gmail history.
  • Acts only on explicit actions you approve.

What PureBox never does

  • Use your email to train AI models or build an ad profile.
  • Store your full message body - only the sender, subject, and that short preview.
  • Sell or share your email data.
  • Move, archive, or delete anything without your approval.
  • Act silently in the background on the Free plan.
Review-first by design

Nothing moves until you say so.

1 · See it

Every suggestion is shown with a plain-language reason before anything happens.

2 · Approve it

You approve actions - one at a time or a whole track at once. Your call.

3 · Reverse it

Changes happen in your real Gmail, so anything can be found or restored.

On Pro, you can hand off the routine

Pro classifies new mail in real time as it arrives, and you can opt in to auto-cleanup so routine email is filed automatically by rules you set. Keep review-first on for everything, or hand off only what you trust - your call. Free always waits for your approval.

Where your data lives

The data PureBox stores - your tokens, plus each email's sender, subject, and short preview - is encrypted in transit and at rest, with row-level isolation so your records are scoped to you alone.

Acts in your real Gmail

Cleanup runs against your own Gmail through managed, refreshed tokens - so every change lands in the inbox you already trust, and stays reversible there.

Leave anytime

Disconnect PureBox from your Google account anytime - that stops all access immediately. You can request deletion of the data PureBox has stored, and inactive free accounts are cleared automatically.

Under the hood

The operational details behind the promises.

Encrypted in transit and at rest

Your connection and the data PureBox stores are protected with industry-standard encryption.

Trusted infrastructure

PureBox runs on managed cloud infrastructure, and our database is hosted on Supabase - a SOC 2 Type II-certified platform.

Minimal Gmail access

Connection uses Google OAuth 2.0 with only the Gmail permissions cleanup needs - revocable anytime from your Google account.

Least-privilege secrets

Application secrets live in a managed secret store, with access granted on a least-privilege basis.

Monitored, with logs redacted

Structured monitoring and alerting run in the background with sensitive fields redacted - and an in-app activity log records every change PureBox makes to your mailbox.

Responsible disclosure

Found a security issue? Email support@purebox.ai. We work with good-faith researchers on coordinated disclosure.

Personalization, honestly

Tailored to your inbox - without watching over your shoulder.

PureBox tailors its suggestions from your own Gmail history - a point-in-time look at which senders you actually open, reply to, archive, or let pile up. That's why the same sender can be treated differently for different people, with no setup or training period.

When a suggestion isn't right

You change it with rules you control - not a hidden algorithm. Set a rule for a sender or category and PureBox follows it, so the behavior is always something you can see, edit, and trust.

Common questions

Why does the Google screen ask for broad access?

To archive, trash, and label messages in your real Gmail, PureBox needs permission to act on your mail. That permission is what makes cleanup happen inside Gmail and stay reversible - and your mail is never sold or used to train AI models.

Do you train AI on my emails?

No. To classify an email, PureBox uses its sender, subject, and a short preview - your full message body is never stored, and your email is never used to train AI models. Personalization comes from your own mailbox history, so results are tailored to you without any model being trained on you.

Can I undo a cleanup?

Yes. Every change lives in your real Gmail, so archived or trashed messages can be found and restored the way you normally would.

What happens if I disconnect?

PureBox stops accessing your account and your inbox stays as it is. You can revoke access from your Google account at any time.

Try it with full control - free.

A limited sample scan - a slice of your recent senders and emails - shows you what PureBox would suggest, before you approve a single change.

Start free scan
See exactly what we access
PureBox requests Gmail access to read each message - sender, subject, and a short preview - and to apply the archive, trash, and label changes you approve. Your email is never sold or used to train AI models. Tokens are kept with row-level security and can be revoked anytime.