The privacy of your data is a big deal to us. One example of this is that, unlike every other Gmail addon that I'm aware of, we don't require full access to your email (aka 'OAuth Access') by default.
What We Store on our Servers
We only store what cannot be easily stored in Gmail itself: the notes and sub-tasks you add to emails and ranking your emails (when you drag them up & down). We only use the email's numeric ID (not any personal details) to identify the data we've stored. We also store your ActiveInbox Preferences on our server.
We also store your email address, as the identifier for your ActiveInbox account and the data above.
Everything else - tasks, projects, due dates, etc. - are stored using Gmail labels, and never touch our servers.
With the exception of the emails you choose to 'send later', at no point do any part of your emails pass through our server; and we never store any of your emails on our server.
To guide our product development, we store your interaction with our website, which is used to make improvements using aggregate data. We also take occasional snapshots of your feature usage, but with no personal information (e.g. we'll record you clicked the 'save note' button but not what the note was). You can turn this off in the Preferences (but it is really useful for making improvements).
We use SSL (https) everywhere, for secure data exchange.
The data in the database isn't encrypted, but the database is secure with Amazon's Web Services ecosystem. Only the dev team has access to it, and we'll never access your data without you requesting us to (e.g. to debug a problem).
We utilise the following vendors to provide ActiveInbox: Mailchimp, Mailgun, Amazon AWS, Google Analytics, Gmail, Get Satisfaction, Mixpanel, PayPal, Stripe.
One or more of - your email address, your data (as detailed above), interaction with our website and support exchanges - may be transmitted through those services. If you have any reason to distrust these services, please contact us.
Access to your Gmail data
For the desktop Gmail plugin
By default, we don't have direct access to your email from our server (aka 'OAuth access'). This is in contrast to how most Gmail plugins work, and we've worked hard to prevent this insecure possibility.
Instead, ActiveInbox interacts with Gmail via your browser as a plugin, entirely within your machine. The only data that gets transmitted to our server is that detailed above (e.g. Notes). We really encourage any geeks out there to verify that by watching the Network tab in Chrome's Developer Tools, and if you don't like something we do, please shout loud & publicly. (That is to say, we're confident you won't find anything!).
For certain features, you can optionally grant our server access to your email to make them work (aka 'OAuth access'). However, we make it very clear what you're granting access to when it happens, and you can still choose not to. Currently, only Send Later requires this, as it needs our server to have 24/7 access to your email to work properly.
For our mobile apps
Our mobile apps theoretically do enable our servers to access your emails (aka 'OAuth access'). Even though we have no reason to do this, and don't do this, it's impossible to stop that theoretical possibility.
If your data is legally sensitive, you may wish to approach us about a non-technical solution, such as building legal trust with us as a vendor.
Alternatively, you may wish to simply use ActiveInbox on the desktop only (via the more secure Gmail plugin).