Legal
PRIVACY POLICY
Last updated: 17 June 2026
Overview
Inbox Swipe is a Chrome extension that helps you triage your Gmail inbox. We take your privacy seriously — your email data stays between you and Google.
Data we access
Inbox Swipe accesses your Gmail inbox solely to display unread emails in the extension popup and to perform actions you explicitly request (archive, mark as read, reply, skip).
Data we store
We store the following locally on your device only, using Chrome's built-in chrome.storage.local API:
- A temporary cache of fetched email threads (to speed up popup loading)
- Your Gmail label ID for the "Swiped" label
No data is stored on any external server. No data leaves your device except to Google's Gmail API on your behalf.
Data we do not collect
- We do not collect personally identifiable information
- We do not track usage or analytics
- We do not share, sell, or transfer your data to any third party
- We do not use your data for any purpose other than displaying and triaging your own emails
Authentication
Inbox Swipe uses Google OAuth via Chrome's identity API to authenticate you. Your OAuth token is managed by Chrome and is never stored by the extension.
Third-party services
Inbox Swipe communicates with the following external services:
- Google Gmail API (https://gmail.googleapis.com) — to fetch, display, and modify your emails using your own OAuth credentials.
- Google Calendar API (https://www.googleapis.com) — to display calendar events linked to email threads.
- OpenRouter (https://openrouter.ai) — to generate AI-drafted reply suggestions. When you open the reply composer, the subject line and body of the email thread are sent to OpenRouter solely to generate a suggested reply. No data is stored or used for training by OpenRouter under our usage agreement.
No other third-party services receive your data.
Data protection
We protect your data through the following mechanisms:
- All communication with Google APIs and OpenRouter is encrypted in transit using HTTPS/TLS.
- Your OAuth token is managed entirely by Chrome's identity API and is never stored or logged by the extension.
- Email data cached locally is stored in Chrome's sandboxed chrome.storage.local, accessible only to this extension.
- The extension requests only the minimum OAuth scopes necessary to perform the actions you initiate.
- No email content is written to disk, logged, or transmitted to any server other than Google's APIs and OpenRouter for reply generation as described above.
Data retention and deletion
Inbox Swipe does not retain your data on any external server. All data handling is as follows:
- Local cache — Email threads cached locally via chrome.storage.local are cleared automatically when you sign out of the extension, or when you uninstall it.
- OAuth token — Your Google OAuth token is managed by Chrome. Signing out of Inbox Swipe revokes the token on Google's servers immediately.
- AI reply generation — Email content sent to OpenRouter for reply drafting is not stored beyond the duration of the API request.
- No server-side data — Because we store nothing on our servers, there is no account to delete. Uninstalling the extension removes all locally stored data.
To delete all data associated with Inbox Swipe: sign out within the extension, then uninstall it from chrome://extensions. To revoke Google's access entirely, visit myaccount.google.com/permissions and remove Inbox Swipe.
Changes to this policy
If we make material changes to this policy, we will update the date above and publish the new version at this URL.
Contact
For questions about this privacy policy, contact: manuel@carbonmails.com