Privacy Policy — Zen Inbox Cleaner
Last Updated: June 13, 2026
At Zen Inbox Cleaner, we value your privacy and your peace of mind. Our app is built on the principle that your email data belongs to you. This Privacy Policy explains our commitment to transparency and how we handle your information.
1. Our Privacy-First Approach
Zen Inbox Cleaner is built with strict privacy principles. Your email data always stays inside your Google account and on your device. We operate no servers, databases, or cloud infrastructure that touch user data — all processing occurs on-device, and your email content and metadata never leave your device to any system we control. The only narrow exception is a small free-tier usage counter (a tally of emails trashed and bytes recovered — never any email content), which on iOS may sync across your own Apple devices through Apple's iCloud Keychain if you have it enabled. That stays entirely within your personal Apple account and never reaches us or any third party. See §4 for details.
2. Data We Access
Zen Inbox Cleaner only accesses the data strictly necessary to help you manage your inbox:
- Email metadata only. We read message identifiers, sender addresses, subject lines, and date/timestamp headers. On the dashboard path we also read the
List-Unsubscribe,List-ID, andPrecedenceheaders to power the unsubscribe and sender-trust features. TheList-Unsubscribe-Postheader (per RFC 8058) is fetched only when you explicitly tap "Unsubscribe" on a sender — never proactively, never stored to disk, and never used by background workers. - No email body content or attachments are read or stored.
- No access to: email body content, attachments, contacts, device storage, camera, microphone, location, or SMS.
Zen Inbox Cleaner does not access or store email body content or attachments.
3. OAuth Scopes Requested
Zen Inbox Cleaner requests three Google OAuth scopes at sign-in. These scopes support the following functionality:
https://www.googleapis.com/auth/gmail.modify— Used to read email metadata (sender, subject, date, and unsubscribe headers), move user-selected emails to Trash on your explicit confirmation, and send one-click unsubscribe requests on your behalf when the sender supports RFC 8058. All writes are user-initiated; there is no automated or scheduled modification.https://www.googleapis.com/auth/gmail.settings.basic— Used only to create and remove the Gmail filters used by the optional Cleanup Rules feature. Filters are never created without an explicit user-tap confirmation.https://www.googleapis.com/auth/userinfo.email— Used once at sign-in to fetch your Google account email address. This is needed as a stable per-account identifier so that switching accounts cleanly clears the previous account's local data and the in-app Settings screen can display the currently signed-in email.openidanduserinfo.profileare not requested — we do not access your profile photo, display name, or any other userinfo fields.
The app requests only the permissions essential to its core functionality. The optional Zen Pro in-app upgrade does not require any additional Google OAuth scopes; it is handled by the platform's built-in App Store (iOS) and Google Play (Android) services.
4. Local Data Storage
- On iOS: Local caches use SwiftData (
ZenInboxDB) for cached sender statistics and dashboard summaries, and SQLite via GRDB (ZenInboxMailbox.sqlite) for the sender intelligence index. Both stores live inside the app sandbox and never leave your device. - On Android: Local caches use Room (a
ZenDatabasefor cached sender statistics and dashboard summaries, and aMailboxDatabasefor the sender intelligence index). Both stores live inside the app sandbox and never leave your device. - OAuth tokens are stored in secure device storage — the iOS Keychain on iOS and EncryptedSharedPreferences on Android.
- In-app purchase data (Zen Pro upgrade). Zen Inbox Cleaner offers an optional one-time, lifetime upgrade ("Zen Pro"). All payment processing is handled by the operating system — Apple's App Store on iOS, Google Play on Android. We never receive your payment method, billing address, Apple ID / Google account credentials, or the Apple ID / Google Play billing email (which may differ from the Gmail address you authorized at sign-in under §3).
- On iOS: The app uses Apple's StoreKit 2 framework. To determine whether you have purchased Zen Pro, the app queries Apple's local
Transaction.currentEntitlementsAPI, which returns Apple-signed transaction objects from iOS-managed on-device storage outside the app's ownZenInboxDB/ZenInboxMailbox.sqlitedatabases. From those transactions the app derives a single boolean (isPro) that is held in memory only — it is never persisted to our databases or transmitted off-device. The fields exposed to the app are the product identifier (the constantcom.jyoti.zeninboxcleaner.pro.lifetime), Apple's opaque transaction identifier (non-PII), and Apple's revocation timestamp. "Restore Purchase" calls Apple'sAppStore.sync()directly device-to-Apple-server; we do not proxy or observe this exchange. Zen Pro is enabled for Apple Family Sharing. - On Android: The app uses Google's Play Billing Library for a one-time, non-subscription product. Entitlement is re-derived at app launch directly from Google's on-device billing service via
queryPurchasesAsync(INAPP)rather than being cached to disk; the resulting Pro state is held in memory only. Any purchase identifiers returned by Google are kept on-device and are not transmitted to any server we operate.
- On iOS: The app uses Apple's StoreKit 2 framework. To determine whether you have purchased Zen Pro, the app queries Apple's local
- Free-tier usage counter. A small per-account record storing your lifetime free-tier counter (emails trashed and bytes recovered — never any email content) is kept on-device — on iOS as a JSON blob in the iOS Keychain (
com.zeninbox.freeQuotaservice); on Android as a plain (unencrypted) entry in the app's local DataStore (filefree_quota.preferences_pb), keyed by your Google account email. On iOS this counter is set tokSecAttrAccessibleAfterFirstUnlock, which permits iCloud Keychain to sync the counter across your own Apple devices when you have iCloud Keychain enabled — OAuth tokens are set to a stricter device-only setting and do not sync. The counter is wiped via Settings → Delete Account & Data; on Android it is additionally wiped when the app is uninstalled.
The app does not log access tokens, refresh tokens, email bodies, or personally identifying message content.
5. Data Deletion & Account Revocation
Because Zen Inbox Cleaner operates on-device and does not create or store user accounts on external servers, "deleting" your account is a matter of revoking permissions and clearing local data. You have several paths to do this — all of them are under your control.
- Sign out from inside the app. This is the most thorough path: it wipes both local stores (
ZenInboxDBandZenInboxMailbox.sqliteon iOS;ZenDatabaseandMailboxDatabaseon Android), clears the OAuth tokens from the Keychain (iOS) or EncryptedSharedPreferences (Android), clears the cached account email, and resets local preferences and history. - Revoke Gmail access from inside the app's Settings screen ("Manage Google Permissions"). The app posts to Google's OAuth revocation endpoint and then performs the same local wipe as sign-out.
- Revoke access from your Google Account directly. You can visit your Google Account Security Settings at any time, find "Zen Inbox Cleaner" in the list of connected apps, and select Remove Access. After revoking this way, the app can no longer communicate with the Gmail API; the next time you open the app, it will detect the revocation and prompt you to sign in again. Until you sign out in the app, switch accounts, or uninstall, the local metadata cache remains on the device — to clear it without reopening the app, simply uninstall.
- Uninstall the app. What uninstalling removes differs by platform:
- On Android: Uninstalling removes the entire app sandbox — all local stores (the Room caches, the
EncryptedSharedPreferencesholding OAuth tokens, and the DataStore free-tier counter) and all preferences. Because the app disables Android cloud backup and device transfer, none of this data is retained off the device. - On iOS: Uninstalling removes the SwiftData/GRDB caches and app preferences, but iOS does not automatically delete Keychain items. The OAuth tokens and the free-tier usage counter are stored in the iOS Keychain and therefore remain on the device after uninstall. They are cleared by Sign Out, Revoke Access ("Manage Google Permissions"), or Delete Account & Data inside the app. While they remain, these orphaned Keychain items stay encrypted and are readable only by this app's signed bundle identifier — never by other apps — and reinstalling Zen Inbox Cleaner restores access to them.
- On Android: Uninstalling removes the entire app sandbox — all local stores (the Room caches, the
Cleanup Rules (Gmail filters). If you created any Cleanup Rules, the underlying Gmail filters remain on your Google account even after you sign out, revoke access, or uninstall the app. To remove them either delete them from within the app (the Rules screen → tap a rule → Delete) before signing out or uninstalling, or remove them later from Gmail directly (Settings → Filters and Blocked Addresses).
Email recovery. Nothing is permanently deleted by the app. Emails the app moves to "Trash" remain there for 30 days under Google's standard Gmail retention policy, during which you can restore them from the official Gmail app or website.
Because Zen Inbox Cleaner operates entirely on-device, there is no server-side data to retain or dispose of.
6. Unsubscribe Functionality
Zen Inbox Cleaner offers an optional unsubscribe feature that follows the unsubscribe method specified by the sender in their email headers (List-Unsubscribe and List-Unsubscribe-Post, per RFC 2369 and RFC 8058). When you tap "Unsubscribe," the app uses the most direct method the sender supports, in this order:
- One-click unsubscribe (RFC 8058). If the sender supports one-click unsubscribe, the app sends a single standard HTTP POST request to the sender's unsubscribe URL on your behalf. The request body contains only the
List-Unsubscribe=One-Clickform parameter required by RFC 8058. No personal data, no Gmail or Google credentials, noAuthorizationheader, and no tracking identifiers are included. (Android additionally sends a standardUser-Agent: Zen-Inbox-Cleaner/1.0HTTP client identifier, which identifies the application — not you.) The request is sent directly from your device to the sender; we have no servers involved. - Browser redirect. If one-click unsubscribe is unavailable or fails (any non-2xx HTTP response), the app opens the sender's official unsubscribe webpage in your device's secure in-app browser —
SFSafariViewControlleron iOS, Chrome Custom Tabs on Android. You then complete the unsubscribe yourself on the sender's website. - Email (
mailto:) fallback. If neither of the above is available, the app opens an email composer pre-filled with an unsubscribe message addressed to the sender — presented in-app on iOS via the systemMFMailComposeViewControllerusing your default Mail account configuration, or handed off to your chosen mail client on Android via a standardmailto:intent. You review and send the email yourself.
In all three cases, the actual processing and honoring of the unsubscribe request is performed by the sender, not by Zen Inbox Cleaner. We do not collect, store, or transmit any additional personal data as part of this process beyond what is already present in the email's unsubscribe headers and what the sender's own unsubscribe mechanism requires.
7. Third-Party Sharing and Ads
- No data selling or transfer. We do not sell, trade, rent, or transfer your personal information to any third party. We do not use it to train AI/ML models, target advertising, or build user profiles.
- No ads. Zen Inbox Cleaner is a completely ad-free experience. No advertising SDKs are linked into the app.
- No tracking or analytics. We do not include third-party tracking, telemetry, or analytics SDKs that monitor your behavior. There is no Firebase Analytics, no Google Analytics, no Crashlytics, no Mixpanel, no AppsFlyer, no AdMob, and no equivalent in the iOS or Android build.
No external servers operated by us. Your device talks directly to the Gmail API.
Third-party dependencies are limited to well-known libraries:
- On iOS: AppAuth-iOS (OAuth handling) and GRDB.swift (local SQLite wrapper). The optional Zen Pro purchase uses Apple's first-party StoreKit 2 framework, which is part of iOS and not a third-party dependency.
- On Android: Google API client, AndroidX Security (token encryption), Room (local database), Koin (dependency injection), OkHttp (HTTP transport), Google Play Services Auth (OAuth sign-in), and the Google Play Billing Library (for the optional Zen Pro purchase).
The optional Zen Pro upgrade introduced no analytics, attribution, advertising, crash-reporting, or third-party billing-platform SDKs (such as RevenueCat) on either platform — purchases are handled solely by Apple's first-party StoreKit (iOS) and Google's Play Billing Library (Android). All dependencies are kept up to date to incorporate upstream security fixes.
8. Google API Services User Data Policy — Limited Use
Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:
- We use Google user data only to provide or improve user-facing features that are prominent in the application's user interface.
- We do not transfer this data to others except as necessary to provide or improve user-facing features, or to comply with applicable law.
- We do not use this data for serving advertisements, including retargeting, personalized, or interest-based advertising.
- We do not allow humans to read this data, except where we have your explicit consent for specific messages, where it is necessary for security purposes (such as investigating abuse), where it is necessary to comply with applicable law, or where the data has been aggregated and anonymized and is used for internal operations.
- We do not use Google user data for credit-worthiness or lending decisions.
9. Data Protection Mechanisms for Sensitive Data
We treat the following as sensitive: OAuth access tokens, OAuth refresh tokens, the cached email-metadata store, the sender-intelligence index, your Google account email address, and your cleaning history. The mechanisms below protect those categories at rest, in transit, and operationally.
9.1 Protection at rest
- OAuth tokens.
- iOS: OAuth state (access token + refresh token + expiry) and the cached account email are stored as separate items in the iOS Keychain. Keychain items are protected by hardware-backed encryption tied to the device's Secure Enclave and are only readable by this app's signed bundle identifier.
- Android: OAuth state and the cached account email are stored in
EncryptedSharedPreferences, which encrypts keys with AES-256 SIV and values with AES-256 GCM, using a master key backed by the Android Keystore (MasterKey.KeyScheme.AES256_GCM).
- Local cache stores. Both SwiftData/GRDB (iOS) and Room (Android) databases reside inside the application sandbox. On iOS the sandbox is protected by
NSFileProtectionComplete-class file protection by default; on Android the app's private data directory is only accessible to the app's UID and is wiped on uninstall. - No body content, no attachments. We never store, cache, or persist email body content or attachments.
- No tokens in logs. We do not log access tokens, refresh tokens, email body content, subjects, or addresses to disk in production builds.
9.2 Protection in transit
- All communication with Google APIs is conducted exclusively over HTTPS using TLS 1.2 or higher, with certificate validation enforced by the operating system. iOS App Transport Security (ATS) is left at its strict default — the app's
Info.plistdoes not declareNSAppTransportSecurityexemptions or arbitrary-loads allowances. - Unsubscribe POSTs (RFC 8058) and browser fallbacks use HTTPS where the sender supports it.
9.3 Operational protection
- Sensitive operations (token storage, network calls) are isolated in dedicated, reviewed modules.
- On iOS: Production builds are distributed exclusively through the Apple App Store after Apple's review process, and are signed with the developer's Apple-issued distribution certificate, which provides install-time integrity verification. Release builds are compiled with Swift's whole-module optimization. All sender-domain and email-address values that are logged via
AppLoggerare routed throughOSLogPrivacy.private, so they render as<private>in production Console output. - On Android: Production builds are signed with a private signing key held by the developer and distributed only through the Google Play Store, which provides additional install-time integrity verification. Release builds enable code shrinking and resource optimization via R8. Application loggers (Timber tree planting and Koin internal logging) are gated by
BuildConfig.DEBUG, so no development logging executes in release builds.
We continuously review these practices to ensure user data remains protected against unauthorized access, alteration, disclosure, or destruction.
If we ever become aware of an incident that may have exposed user data, we will notify affected users without undue delay and, where required, the appropriate authorities, in line with applicable data-protection law.
If a vulnerability is discovered in the app, we will publish a patched release through the relevant app store and, where appropriate, notify affected users through the app or our support email.
10. Children's Privacy
Zen Inbox Cleaner is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information through use of the app, please contact us and we will take appropriate steps to address the matter.
11. Contact
If you have any questions about this Privacy Policy or how your data is handled, please contact us at: support@zeninboxcleaner.com