Your email data, protected
ApplyInbox reads your email to find recruiter conversations. We take that access seriously. Here is exactly what we do with your data.
How your email is processed
Most emails are dismissed based on subject and sender alone, without reading the content. Full email content is only read for likely recruitment matches, and is never saved.
Your email inbox
Gmail or Outlook
Classification pipeline
Processed in memory, never saved
Filter
Dismiss spam and promotions
dropped: most emails
Analyze
AI checks subject and sender
Google Geminidropped: most remaining
Classify
AI reads email content once
Only for likely matches
Google Geminidropped: small fraction
Not job-related
Nothing stored
Job-related
Metadata stored
Your email inbox
Gmail or Outlook
Classification pipeline
Processed in memory, never saved
Filter
Dismiss spam and promotions
dropped: most emails
Analyze
AI checks subject and sender
Google Geminidropped: most remaining
Classify
AI reads email content once
Only for likely matches
Google Geminidropped: small fraction
Not job-related
Nothing stored
Job-related
Metadata stored
What we store
Everything we store is visible to you in the dashboard. No hidden data.
Stored for job-related emails
- Sender name and email address
- Email subject line
- Dates (sent, received)
- Company name (extracted)
- Role title (extracted)
- Application stage (extracted)
- Interview dates (extracted from calendar invites)
Never stored
- Email body content (read once for classification, then discarded)
- Email attachments (never fetched)
- Non-recruitment emails (dismissed in memory)
- Passwords (we use OAuth, no passwords)
- Payment card data (handled entirely by Stripe)
How your data is protected
Read-only email access
ApplyInbox uses the minimal Gmail readonly and Outlook Mail.Read scopes. We cannot send, modify, or delete your emails.
Encrypted credentials
Your email access tokens are encrypted at rest using industry-standard encryption (Fernet/AES). Encryption keys are stored in a separate secrets manager, never in the database.
Full transparency
Everything we store is visible to you in the dashboard. There is no hidden data collection. What you see is exactly what we have.
Instant deletion
Delete your account at any time. All your data is permanently removed immediately. Your email access token is revoked. No retention period, no soft-delete.
Third-party services
Services that handle your data, what they receive, and how long they keep it.
Gmail / Outlook
We read email metadata and content via their API
Nothing extra stored by them. You can revoke access anytime in your Google or Microsoft account settings.
Google Gemini
Email content is sent for classification
Not retained. Paid API tier contractually prohibits training on customer data.
Stripe
Payment information for subscriptions
Standard payment records only. We never see or store your card number.