Privacy Policy for Karma Inbox

Last updated: August 20, 2025

1. Information We Access

Karma Inbox requests access to certain Google user data through OAuth scopes and Chrome extension permissions:

Google OAuth Scopes

• https://www.googleapis.com/auth/gmail.readonly – Read your emails and settings so we can analyze message metadata and content for prioritization.
• https://www.googleapis.com/auth/gmail.modify – Move or label emails within Gmail when applying karma scores or user-selected actions.
• https://www.googleapis.com/auth/gmail.labels – View and manage your Gmail labels to categorize priority emails.
• openid, email, profile – To identify your Google account, display your name/profile picture, and ensure you are signed into the correct mailbox.

Chrome Extension Permissions

• storage – Save preferences and cached metadata locally.
• identity – Secure OAuth login with Google.
• activeTab / tabs – Display karma indicators inside the Gmail interface.
• notifications – Notify you about important emails or digests if enabled.
• alarms – Schedule background checks for new messages.

2. How We Use This Data

• Email metadata and content (sender, subject, body, labels) – Used locally to calculate karma scores, summarize, and prioritize your inbox.
• Labels – Created or updated to organize messages into high/low-priority folders when you enable this feature.
• Profile information – Display your account identity inside the extension; not stored or shared.
• Notifications/alarms – Provide reminders or digests at user-defined times.

3. Local vs External Processing

• On-device: All core scoring and prioritization logic runs locally inside your browser.
• External AI (optional): If you enable AI summarization, selected message text is sent securely to your chosen provider (Anthropic, Google Gemini, or OpenAI). You must provide your own API key, and communications are direct between your browser and the provider. Karma Inbox does not intercept or store this data.
• Payments: Paddle APIs are used only for subscription billing; no email data is shared.

4. Data Retention

We do not store your emails or personal data on our servers. Cached metadata and preferences remain only in your browser storage and are deleted if you uninstall the extension. OAuth tokens are securely handled by Chrome’s identity API.

5. Sharing of Data

• No selling or advertising use of your data.
• No sharing with third parties, except:
  • AI providers you explicitly configure, for summaries.
  • Payment processor Paddle, for handling subscriptions (billing data only).
• Disclosure only if legally required.

6. Limited Use Compliance

Karma Inbox complies with Google’s Limited Use policy:

• Gmail data is only used to provide user-facing features (karma scoring, prioritization, summarization).
• Data is never sold or used for ads.
• Human access to data is prohibited except with your consent, for security, or legal compliance.
• Data is not transferred to others except as necessary to provide the features you enable.

7. Your Choices

• Revoke permissions anytime via Google Account settings.
• Delete all local data by uninstalling the extension.
• Disable or choose which AI provider you connect.

8. Security

• All data in transit uses TLS encryption.
• Local API keys are encrypted before storage.
• No centralized data collection by Karma Inbox.

9. Children’s Privacy

Karma Inbox is not directed at children under 13 and does not knowingly collect their data.

10. Changes

We may update this policy, and will update the date above. Material changes will be posted at this URL.

11. Contact

Email us at karmamailinbox@gmail.com for questions or requests.

Karma Inbox Chrome Extension | Privacy Policy | Last Updated: August 20, 2025