Privacy Policy – TidyMailbox

Last updated: June 2, 2025

TidyMailbox respects your privacy. This privacy policy explains how we collect, use, protect, and process your personal data when you use our application.

1. Data Controller Identity

TidyMailbox is developed and maintained by:

Marius Diguat
69 rue des Vallons
68100, Mulhouse
France
Contact: contact@mariusdiguat.com

2. Data Protection Officer (DPO) Contact

No data protection officer has been designated at this time. For any questions regarding the protection of your data, please contact us at: contact@mariusdiguat.com

3. Processing Purposes

TidyMailbox accesses certain data from your Gmail account to provide you with an email analysis and cleanup service.

The data is only used to:

Analyze and sort your emails to help you clean up your Gmail inbox
Display recommendations for deletion, grouping, or archiving

4. Legal Basis for Processing

The processing of your data is exclusively based on your explicit consent, given when connecting to the application via your Google account (OAuth 2.0).

5. Mandatory or Optional Collection

Using TidyMailbox requires connecting with your Google account. Without this consent, you will not be able to access the main features of the application.

6. Categories of Data Collected

We only access data necessary for the proper functioning of the app:

Email address, name, and Google profile picture
Gmail inbox content (metadata and message body), only for local analysis

No sensitive data is collected or stored.

7. Collection and Processing Methods

Data access is through Google's OAuth 2.0 protocol, with your authorization
Emails are processed locally in your browser
Email analysis is performed via Google's Gemini Flash API. Requests sent contain only the strict minimum necessary for analysis and are never stored by TidyMailbox
No data is transmitted to or stored on our servers

7 bis. No Use of Gmail Data for AI Model Training

TidyMailbox does not use any Gmail data to train, improve, or develop generalized AI or machine learning models.

All email content accessed via Gmail API is processed only as needed to provide the specific features of the TidyMailbox application (sorting, cleanup suggestions, labeling, etc.), and never reused or stored for broader AI training purposes.

8. Data Recipients

The only entities that can process certain data are:

You, via your browser
Google, via its Gemini API for AI analysis

We never share your data with unauthorized third parties, partners, or for commercial purposes.

9. Data Transfer Outside the EU

TidyMailbox does not voluntarily transfer your data outside the European Union.

Any communication with Google services may involve processing in third countries, governed by mechanisms provided for by GDPR (standard contractual clauses).

10. Data Retention Period

No personal data or email content is stored on our servers
Information is kept only locally on your device for the duration of application use

11. Your Rights

In accordance with applicable regulations (GDPR, CCPA), you have the following rights:

Access to your data
Rectification of your data
Deletion of your data
Opposition to or limitation of processing
Withdrawal of consent at any time

To exercise your rights, contact us at: contact@mariusdiguat.com

12. Right to Lodge a Complaint

If you believe your rights are not being respected, you can file a complaint with your country's data protection authority (such as the CNIL in France: www.cnil.fr).

13. Data Security

We implement the following measures to ensure the confidentiality of your data:

Local processing in the browser
Temporary storage in device localStorage
Secure OAuth 2.0 authentication
Strictly limited access to your personal data

14. Policy Updates

We reserve the right to modify this policy. Any significant changes will be notified through the application and will require your consent to continue using the service.

15. Contact

For any questions about this policy or the management of your data, write to us at:

📩 contact@mariusdiguat.com