← Home

Privacy Policy / 隱私權政策

Last updated: 2026-05-20

English summary: InboxTidy reads only the metadata of your Gmail messages (sender address, subject line, date) to suggest categories and apply Gmail labels you confirm. We never read message bodies or attachments. We never sell your data.

中文摘要:InboxTidy 只讀取 Gmail 訊息的中繼資料(寄件人、主旨、日期)以建議分類,並在你確認後寫入 Gmail 標籤。我們不讀取信件內文或附件,也不販售你的資料。

1. Who we are / 我們是誰

InboxTidy is operated as a sole proprietorship by SHIA KE TAI, based in Taiwan. Contact: support@sonini.app.

InboxTidy 由 SHIA KE TAI(個人營運,所在地:台灣)提供。聯絡方式:support@sonini.app

2. What we access / 我們存取什麼

When you authenticate via Google OAuth, we request the minimum scopes needed:

  • gmail.metadata — read message headers (From, Subject, Date) only. No body or snippet is ever fetched.
  • gmail.labels — list, create, and rename labels under IS/.
  • gmail.modify — apply (and only apply) the labels you confirm to the messages you selected. We do not delete, archive, or move messages out of your inbox.

當你以 Google OAuth 授權,我們只請求必要的最小權限:讀取信件標頭(不含內文)、管理 IS/ 標籤、以及在你確認後對選定信件套用標籤。我們不會刪除、封存或搬移你的信件。

3. What we store / 我們儲存什麼

On your account

  • An OAuth access token (short-lived) used during the active session only.
  • The most recent scan result is held in server memory for up to 30 minutes so you can apply labels without rescanning, then automatically discarded.
  • To improve classification, we may temporarily retain sender and subject metadata only (never message bodies) from completed scans in our database; these records are automatically deleted after a limited period.
  • We do not store email bodies or attachments.

為改善分類準確度,我們可能在完成掃描後短期保留僅含寄件者與主旨的 metadata(不儲存信件內文),並於期限屆滿後自動刪除

Aggregated, anonymous signals

When you manually correct a category in the result page and click Apply, we record a vote of the form { sender_domain, target_category } in our shared database (Upstash Redis). These votes are aggregated across all users and used to improve classification for everyone. They contain no personal information, no sender name, no subject line, and no message ID after the apply step.

當你在結果頁手動更正分類並按「套用」,我們會記錄一筆「寄件網域 → 目標類別」的匿名投票, 用於跨使用者改善分類準確度。投票不包含任何個人資訊、寄件人姓名、主旨或郵件 ID。

4. Data protection for sensitive information / 敏感資料之保護措施

Gmail message metadata and OAuth credentials are sensitive. We protect them using the following technical and organizational measures:

  • Encryption in transit: All connections between your browser and InboxTidy, and between our servers and Google (OAuth and Gmail API), use HTTPS (TLS). Connections to our database provider (Upstash) also use TLS.
  • Credential handling: Your Google OAuth access token is stored only in an httpOnly cookie (not accessible to page scripts), with SameSite=Lax and Secure in production. Tokens are used only on the server to call Google APIs; they are not embedded in URLs or returned to client-side JavaScript.
  • Least privilege: We request only the Gmail scopes listed in section 2. We fetch message metadata with format=metadata and only the From, Subject, and Date headers — never bodies, snippets, or attachments.
  • Minimal retention: We do not persist email bodies or attachments. Session scan results in memory are discarded after about 30 minutes. Optional short-term metadata copies (sender + subject for classification improvement) in Redis are automatically deleted.
  • Infrastructure: The application runs on Vercel. Operational data such as usage counters and anonymous classification votes are stored in Upstash Redis. We rely on these providers' industry-standard protections for data at rest and access control; see their respective security and privacy documentation.
  • Access: Only automated server processes use your token to perform the actions you initiate (scan, apply labels). We do not sell or license Gmail data to third parties for advertising.

Gmail 訊息中繼資料與 OAuth 憑證屬敏感資訊。我們採取下列技術與組織面措施加以保護:

  • 傳輸加密:你的瀏覽器與 InboxTidy 之間、以及我們伺服器與 Google(OAuth 與 Gmail API)之間,皆使用 HTTPS(TLS)。與資料庫服務(Upstash)的連線亦使用 TLS。
  • 憑證處理:Google OAuth 存取權杖僅存放在 httpOnly Cookie(網頁 腳本無法讀取),並設定 SameSite=Lax;正式環境另啟用 Secure。權杖僅於伺服器端呼叫 Google API 時使用,不會放在網址參數或回傳給前端 JavaScript。
  • 最小權限:我們僅請求第 2 節所列之 Gmail 權限;以 format=metadata 僅取得 From、Subject、Date 標頭,不取得內文、snippet 或附件。
  • 最小保存:我們不持久儲存郵件內文、完整標頭備份或附件。最近一次掃描的分類結果僅暫存於伺服器記憶體(最長約 30 分鐘)供該次工作階段使用,之後自動清除。
  • 基礎設施:應用程式託管於 Vercel;使用量計數與匿名分類投票等營運資料存放於 Upstash Redis。我們依賴各該供應商符合業界慣例的靜態儲存加密與存取控管;細節請參考其安全與隱私文件。
  • 存取:僅有在你主動操作(掃描、套用標籤)時,自動化的伺服器流程會使用你的權杖完成對應動作。我們不將 Gmail 資料出售或授權予第三方用於廣告。

5. What we do NOT do / 我們不做的事

  • We do not read message bodies, snippets, or attachments.
  • We do not delete or archive your emails.
  • We do not sell, rent, or share your data with advertisers.
  • We do not train machine learning models on your personal email content.
  • We do not send you marketing email without your explicit opt-in.

6. Third parties / 第三方

  • Google — OAuth login and Gmail API access, governed by Google's own policies.
  • Vercel — application hosting in the United States / EU regions.
  • Upstash — anonymous vote aggregation only (no personal data).
  • Lemon Squeezy — Merchant of Record for paid scans. Lemon Squeezy processes payments, handles invoicing, and remits applicable sales tax/VAT on our behalf. They store billing information (name, email, billing country, last 4 digits of card); we never see your full card number. See Lemon Squeezy's privacy policy.

7. Data retention / 保存期限

  • OAuth session: cleared when you close the browser tab or after 30 minutes idle.
  • Scan results in memory: ≤ 30 minutes after your last activity.
  • Aggregated votes: kept indefinitely as anonymous counts; per-message dedup keys for 90 days.
  • Lemon Squeezy transaction records: retained by Lemon Squeezy as required by their merchant obligations and by Taiwan tax law (typically 5 years).

8. Your rights / 你的權利

You can revoke access at any time via Google Account → Security → Third-party access. You may also request deletion of any billing-related personal data by contacting support@sonini.app. See our Data Deletion page for details.

9. Changes / 更新

We will update this page when our practices change and revise the "Last updated" date above. Material changes will be announced on the homepage.

10. Limited Use disclosure (Google API)

InboxTidy's use and transfer of information received from Google APIs to any other app will adhere to Google API Services User Data Policy, including the Limited Use requirements.