Privacy Policy

Last updated: May 2025

Overview

Inbox is a simple, private note-taking app. Your data stays on your device by default. We do not operate servers, collect analytics, or track you in any way.

Data storage

All lists and items you create are stored exclusively in your browser's localStorage. This data never leaves your device unless you explicitly choose to sync it with Google Drive (see below).

Google Drive (optional)

Inbox offers an optional feature to sync your data with a file in your own Google Drive account. If you use this feature:

• You are prompted to sign in with Google and grant Inbox permission to access a single file it creates (inbox.list) in your Drive.

• Your data is sent directly from your browser to the Google Drive API using an OAuth 2.0 access token. It is not routed through any Inbox server.

• Inbox stores the Drive file ID in localStorage to locate the file on subsequent syncs. No other account information is stored.

• You can revoke access at any time through your Google account permissions.

Use of Google Drive is governed by Google's Privacy Policy.

Third-party scripts

Inbox loads the Google Identity Services library (accounts.google.com/gsi/client) to support the optional Drive sign-in flow. This script is only used when you interact with the Drive feature. No other third-party scripts are included.

Cookies and tracking

Inbox does not use cookies, advertising networks, or any analytics or tracking technology.

Children's privacy

Inbox does not knowingly collect any information from children under 13. Because no data is collected at all, the app is safe for general use.

Changes to this policy

If this policy changes, the "last updated" date above will be revised. Continued use of the app after any change constitutes acceptance of the revised policy.

Contact

If you have questions about this policy, please open an issue on the project's GitHub repository.