1. Introduction
MailNuke ("we", "us", "our") is an AI-powered inbox cleaner that helps you organize and clean up your email inbox. This Privacy Policy explains what data we collect, how we use it, and how we protect it.
2. Data We Collect
When you connect your email account (Gmail or Outlook) and scan your inbox, we collect the following email metadata for up to 100 recent messages per scan:
- Sender name and email address
- Subject line
- Snippet (the short preview text your email provider generates)
- Message and thread IDs
- Received date
- Category labels (e.g., Gmail Promotions/Social, Outlook Focused/Other)
- List-Unsubscribe headers (used for one-click unsubscribe)
We also store the AI-generated category for each classified email.
We do NOT collect or store email bodies, attachments, or contact lists.
We collect your name and email address from your Google or Microsoft account for authentication purposes.
3. Email Provider Permissions
Gmail (Google OAuth)
We request the following Google OAuth scopes:
gmail.modify— Read email metadata (sender, subject, snippet, headers) for classification and move emails to Trash when you choose to "nuke" them. Trashed emails remain recoverable in Gmail's Trash for 30 days.gmail.send— Send unsubscribe requests on your behalf via mailto-based List-Unsubscribe headers. These emails are sent from your own Gmail address.
Outlook (Microsoft OAuth)
We request the following Microsoft Graph permissions:
Mail.ReadWrite— Read email metadata for classification and move emails to Deleted Items when you choose to "nuke" them.Mail.Send— Send unsubscribe requests on your behalf via mailto-based List-Unsubscribe headers.
Each permission is used only for its stated purpose. We do not access your email data for advertising, market research, or any purpose unrelated to the MailNuke service.
4. AI Classification
Email metadata (sender, subject, snippet) is sent to Google Gemini 2.5 Flash via the Vercel AI Gateway for classification. The AI categorizes each email into one of four categories: Threat (phishing/scams), Marketing (unsolicited commercial email), Subscription (opted-in newsletters and alerts), or Keep (personal and important email).
- Only metadata is sent — never full email bodies or attachments.
- Classification results (category and reasoning) are stored in our database.
- We do not use your data to train AI models.
5. Data Storage and Security
- Email metadata and classification results are stored in Convex, our backend database, which encrypts data at rest.
- OAuth tokens (access and refresh tokens) are stored securely in our authentication system and are used solely to access your email on your behalf.
- Tokens are automatically refreshed as needed and are never exposed to the frontend.
- All connections use HTTPS/TLS encryption in transit.
6. Data Retention
- Email metadata is automatically purged after 30 days from the date the email was received. A daily automated process removes expired records.
- You can delete your account at any time from the Settings page, which immediately and permanently deletes all of your data including emails, whitelisted senders, scan history, authentication records, and OAuth tokens.
7. Third-Party Services
We use the following third-party services to operate MailNuke:
| Service | Purpose | Data Shared |
|---|---|---|
| Convex | Backend database and serverless functions | Email metadata, user records |
| Google Gemini (via Vercel AI Gateway) | Email classification | Sender, subject, snippet |
| Stripe | Payment processing | Email address, payment details (handled by Stripe) |
| Resend | Transactional emails | Email address |
| Better Auth | Authentication | Google/Microsoft OAuth profile |
We do not sell, rent, or share your personal data with third parties for their own marketing purposes.
8. Your Rights
You have the right to:
- Access your data through the MailNuke interface.
- Delete your account and all associated data at any time from the Settings page.
- Revoke email access at any time via your Google Account Permissions or Microsoft Account Permissions.
9. Google API Services User Data Policy
MailNuke's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
- We only use Google user data for the purposes described in this policy (inbox classification, email trashing, and unsubscribe requests).
- We do not transfer Google user data to third parties except as necessary to provide the service (AI classification), with user consent, or as required by law.
- We do not use Google user data for advertising or market research.
- We do not allow humans to read your email data unless required for security purposes, to comply with law, or with your explicit consent.
10. Children's Privacy
MailNuke is not intended for children under 13. We do not knowingly collect data from children under 13.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last Updated" date.
12. Contact
If you have questions about this Privacy Policy, contact us at team@turbolobster.com.