Privacy Policy
Your privacy is important to us. This policy explains how we collect, use, and protect your information in accordance with GDPR.
Last updated: October 11, 2025
Introduction
GO AI Biz Labs Ltd ("we," "our," or "us") operates InboxZeroed, an AI-powered email management service. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
Information We Collect
Personal Information
- Email address and account credentials
- Name and profile information
- Contact information you provide
Email Data
- Email content and metadata (for processing purposes only)
- Email classifications and responses generated by our AI
- Usage patterns and preferences
Technical Information
- IP address and device information
- Browser type and usage analytics
- Service performance and error logs
How We Use Your Information
We use your information to:
- Provide and improve our email management services
- Process and analyze emails using AI technology
- Generate automated responses and classifications
- Provide customer support and technical assistance
- Send service updates and important notices
- Ensure security and prevent fraud
- Comply with legal obligations
Gmail API Access and Usage
InboxZeroed integrates with Gmail to provide email management services. We access your Gmail data with your explicit consent through Google's OAuth system.
Gmail API Scopes We Request
We request the following Gmail API permissions:
- gmail.readonly - Read your email messages and settings to analyze and classify emails
- gmail.send - Send emails on your behalf when you approve automated responses
- gmail.compose - Create draft email responses for your review before sending
- gmail.modify - Apply labels and organize your emails based on AI classification
How We Use Gmail Data
- Email Reading: We read your email content to analyze importance, classify by category, and generate summaries
- Email Organization: We apply labels automatically to organize your inbox (e.g., "Important," "Newsletter," "Action Required")
- Draft Generation: We create draft responses using AI based on email content and your knowledge base
- Automated Sending: We send emails on your behalf only when you explicitly approve them
- Email Metadata: We process sender information, timestamps, and email structure for classification
Limited Use Disclosure
InboxZeroed's use of information received from Gmail APIs adheres to Google API Services User Data Policy, including the Limited Use requirements.
- Gmail data is used only to provide and improve InboxZeroed's email management features
- We do not transfer Gmail data to third parties except as necessary to provide our service
- We do not use Gmail data for advertising purposes
- We do not allow humans to read your emails except with your explicit consent for debugging purposes
- We do not use Gmail data to determine creditworthiness or for lending purposes
Your Control Over Gmail Access
You have full control over InboxZeroed's access to your Gmail:
- You can disconnect Gmail access at any time from your settings
- You can revoke access directly through your Google Account permissions
- Disconnecting Gmail will stop all email processing immediately
- Your email data in our system is automatically deleted based on your retention settings (default: 48 hours)
Legal Basis for Processing (GDPR)
Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:
Consent (Article 6(1)(a))
- Gmail OAuth connection and email access
- AI analysis of your email content
- Optional marketing communications
You can withdraw consent at any time by disconnecting your Gmail account or unsubscribing from communications.
Contract Performance (Article 6(1)(b))
- Account creation and authentication
- Service delivery (email classification, briefings)
- Customer support
Legitimate Interest (Article 6(1)(f))
- Security and fraud prevention
- Service improvement and optimization
- Technical error detection and resolution
Legal Obligation (Article 6(1)(c))
- Compliance with data protection laws
- Response to legal requests
- Tax and accounting requirements
Data Retention and Automatic Deletion
We are committed to not storing your email data longer than necessary. You have full control over data retention.
User-Controlled Email Data Retention
You can configure how long we keep your email content: 0 to 720 hours (0 to 30 days)
Default: 48 hours (2 days)
After this period: Email content, subject lines, sender names, and other sensitive data are automatically deleted.
What We Keep for Deduplication
- Gmail message IDs (prevents re-processing the same email)
- Timestamps and basic metadata
- Classification results (without content)
Account Data Retention
- Active accounts: Data retained until you delete your account
- After account deletion: 30-day grace period, then permanent deletion
- Billing records: 7 years (legal requirement for tax purposes)
Automated Cleanup
Our system automatically cleans up data daily at 2:00 AM UTC. You can also manually trigger cleanup anytime in your settings.
International Data Transfers
✓ All your data stays in the European Union
We have specifically chosen EU-based infrastructure for all our services:
- Database and Authentication: Supabase (EU region)
- Application Hosting: Vercel (EU region)
- AI Processing: Mistral AI (France)
- Email Services: Resend (GDPR compliant)
- Gmail Integration: Google (EU region, Standard Contractual Clauses)
Your data is not transferred outside the EU. All processing occurs within European Economic Area (EEA) data centers.
We work exclusively with European AI models and ensure all third-party processors comply with GDPR requirements.
Automated Decision-Making and AI
InboxZeroed uses Artificial Intelligence to automatically analyze and classify your emails. Here's what you should know:
What Our AI Does
- Analyzes email content to determine if a response is needed
- Classifies emails into categories (newsletters, important, actionable, etc.)
- Generates automated email summaries (briefings)
- Suggests follow-up actions
Your Rights Regarding AI Decisions
- You can review and override any AI classification
- You can correct misclassifications
- You can opt-out of automated processing (manual mode available)
- AI decisions do not have legal or similarly significant effects on you
AI Models We Use
We use European AI models exclusively:
- Mistral AI - French AI company, EU-based processing
Mistral AI does not use your data to train their models.
Third-Party Service Providers
We work with the following carefully selected service providers. All have signed Data Processing Agreements (DPAs) and comply with GDPR:
We may update our service providers from time to time to improve our services. The list below reflects our current providers as of the date shown at the top of this policy. We will notify you of any significant changes to key service providers.
| Provider | Purpose | Location | Privacy Policy |
|---|---|---|---|
| Supabase | Database, Authentication | EU Region | View |
| Vercel | Application Hosting | EU Region | View |
| Mistral AI | AI Email Analysis | France (EU) | View |
| Gmail API Integration | EU Region | View | |
| Resend | Email Delivery (newsletters) | GDPR Compliant | View |
| Slack | Optional Integration | GDPR Compliant | View |
Note: We only share the minimum data necessary for each service to function. None of these providers sell your data or use it for their own purposes beyond providing the service.
Data Security
We implement industry-standard security measures including:
- End-to-end encryption for data transmission
- Secure data storage with encryption at rest
- Regular security audits and vulnerability assessments
- Limited access controls and authentication protocols
- GDPR compliance for European users
Important: Your email data stays on your email provider's servers. We only access it temporarily for processing purposes and do not store email content permanently.
Data Sharing and Disclosure
We do not sell, trade, or rent your personal information. We may share data only in these circumstances:
- With your explicit consent
- To comply with legal requirements or court orders
- To protect our rights, property, or safety
- With trusted service providers who assist in our operations (under strict confidentiality agreements)
- In connection with a business transfer or acquisition
Your Privacy Rights Under GDPR
Under the General Data Protection Regulation (GDPR), you have comprehensive rights over your personal data:
1. Right to Access (Article 15)
Request a copy of all personal data we hold about you. You can download your data anytime from your dashboard settings.
2. Right to Rectification (Article 16)
Correct any inaccurate or incomplete information. You can update your profile, settings, and preferences directly in your account.
3. Right to Erasure / "Right to be Forgotten" (Article 17)
Delete your account and all associated data. Available in Settings → Account → Delete Account. All data will be permanently deleted after a 30-day grace period.
4. Right to Data Portability (Article 20)
Export your data in machine-readable format (JSON/CSV). Available in Settings → Privacy & Data → Download My Data.
5. Right to Object (Article 21)
Object to processing based on legitimate interests. You can opt-out of non-essential processing, analytics, and marketing communications.
6. Right to Restrict Processing (Article 18)
Request that we limit how we use your data while a dispute is being resolved.
7. Right to Withdraw Consent (Article 7)
Withdraw consent for email processing anytime by disconnecting your Gmail account. Withdraw marketing consent by unsubscribing from emails.
8. Right to Lodge a Complaint (Article 77)
File a complaint with your local data protection authority if you believe we've violated your rights.
How to Exercise Your Rights
- Most rights: Available directly in your dashboard settings
- Complex requests: Email us at info@goaibizlabs.com
- Response time: We'll respond within 30 days (or explain why we need more time)
- Free of charge: Exercising your rights is always free
Cookies and Tracking
We use cookies and similar technologies to improve your experience. We ask for your consent before setting non-essential cookies.
| Cookie Type | Purpose | Duration | Consent Required |
|---|---|---|---|
| Essential | Authentication, session management, security | Session / 30 days | No (Required) |
| Preference | Language selection, theme, settings | 12 months | No (Functional) |
| Analytics | Usage statistics, performance monitoring | 13 months | Yes (Optional) |
Your Cookie Choices
- You can accept or reject analytics cookies via our cookie banner
- Essential cookies cannot be disabled as they're necessary for the service
- You can change your preferences anytime through your browser settings
- You can delete cookies from your browser at any time
Data Breach Notification
In the unlikely event of a data breach affecting your personal information, we will:
- Notify relevant supervisory authorities within 72 hours of discovering the breach (as required by GDPR Article 33)
- Notify affected users via email without undue delay if the breach poses a high risk to your rights and freedoms
- Provide clear information about what happened, what data was affected, and what steps we're taking
- Recommend actions you should take to protect yourself
We maintain comprehensive security monitoring and incident response procedures to detect and respond to potential breaches promptly.
Children's Privacy
InboxZeroed is not intended for users under 16 years of age.
We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at info@goaibizlabs.com.
If we discover we have collected personal information from a child under 16, we will delete that information as quickly as possible.
Policy Updates
We may update this Privacy Policy periodically. We will notify you of significant changes via email or through our service. Your continued use of InboxZeroed after changes indicates acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or want to exercise your rights, please contact us:
GO AI Biz Labs Ltd
4 Deacon Street, Unit 1106, London SE17 1GD, United Kingdom
Company Number: 16753279
Website: goaibizlabs.com
Email: info@goaibizlabs.com
Phone: +44 7440 540 63
EU Representative (GDPR Article 27)
For data protection inquiries from EU/EEA residents:
Neural Circus
Represented by: Christophe Rammant
Baron Ruzettelaan 264, 8310 Brugge, Belgium
Email: christophe@neuralcircus.com
Supervisory Authority
If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority, or with:
Information Commissioner's Office (ICO) - United Kingdom
Website: ico.org.uk