Privacy Policy — Zen Inbox Cleaner

Last Updated: June 13, 2026

At Zen Inbox Cleaner, we value your privacy and your peace of mind. Our app is built on the principle that your email data belongs to you. This Privacy Policy explains our commitment to transparency and how we handle your information.

1. Our Privacy-First Approach

Zen Inbox Cleaner is built with strict privacy principles. Your email data always stays inside your Google account and on your device. We operate no servers, databases, or cloud infrastructure that touch user data — all processing occurs on-device, and your email content and metadata never leave your device to any system we control. The only narrow exception is a small free-tier usage counter (a tally of emails trashed and bytes recovered — never any email content), which on iOS may sync across your own Apple devices through Apple's iCloud Keychain if you have it enabled. That stays entirely within your personal Apple account and never reaches us or any third party. See §4 for details.

2. Data We Access

Zen Inbox Cleaner only accesses the data strictly necessary to help you manage your inbox:

Zen Inbox Cleaner does not access or store email body content or attachments.

3. OAuth Scopes Requested

Zen Inbox Cleaner requests three Google OAuth scopes at sign-in. These scopes support the following functionality:

The app requests only the permissions essential to its core functionality. The optional Zen Pro in-app upgrade does not require any additional Google OAuth scopes; it is handled by the platform's built-in App Store (iOS) and Google Play (Android) services.

4. Local Data Storage

The app does not log access tokens, refresh tokens, email bodies, or personally identifying message content.

5. Data Deletion & Account Revocation

Because Zen Inbox Cleaner operates on-device and does not create or store user accounts on external servers, "deleting" your account is a matter of revoking permissions and clearing local data. You have several paths to do this — all of them are under your control.

Cleanup Rules (Gmail filters). If you created any Cleanup Rules, the underlying Gmail filters remain on your Google account even after you sign out, revoke access, or uninstall the app. To remove them either delete them from within the app (the Rules screen → tap a rule → Delete) before signing out or uninstalling, or remove them later from Gmail directly (Settings → Filters and Blocked Addresses).

Email recovery. Nothing is permanently deleted by the app. Emails the app moves to "Trash" remain there for 30 days under Google's standard Gmail retention policy, during which you can restore them from the official Gmail app or website.

Because Zen Inbox Cleaner operates entirely on-device, there is no server-side data to retain or dispose of.

6. Unsubscribe Functionality

Zen Inbox Cleaner offers an optional unsubscribe feature that follows the unsubscribe method specified by the sender in their email headers (List-Unsubscribe and List-Unsubscribe-Post, per RFC 2369 and RFC 8058). When you tap "Unsubscribe," the app uses the most direct method the sender supports, in this order:

  1. One-click unsubscribe (RFC 8058). If the sender supports one-click unsubscribe, the app sends a single standard HTTP POST request to the sender's unsubscribe URL on your behalf. The request body contains only the List-Unsubscribe=One-Click form parameter required by RFC 8058. No personal data, no Gmail or Google credentials, no Authorization header, and no tracking identifiers are included. (Android additionally sends a standard User-Agent: Zen-Inbox-Cleaner/1.0 HTTP client identifier, which identifies the application — not you.) The request is sent directly from your device to the sender; we have no servers involved.
  2. Browser redirect. If one-click unsubscribe is unavailable or fails (any non-2xx HTTP response), the app opens the sender's official unsubscribe webpage in your device's secure in-app browser — SFSafariViewController on iOS, Chrome Custom Tabs on Android. You then complete the unsubscribe yourself on the sender's website.
  3. Email (mailto:) fallback. If neither of the above is available, the app opens an email composer pre-filled with an unsubscribe message addressed to the sender — presented in-app on iOS via the system MFMailComposeViewController using your default Mail account configuration, or handed off to your chosen mail client on Android via a standard mailto: intent. You review and send the email yourself.

In all three cases, the actual processing and honoring of the unsubscribe request is performed by the sender, not by Zen Inbox Cleaner. We do not collect, store, or transmit any additional personal data as part of this process beyond what is already present in the email's unsubscribe headers and what the sender's own unsubscribe mechanism requires.

7. Third-Party Sharing and Ads

No external servers operated by us. Your device talks directly to the Gmail API.

Third-party dependencies are limited to well-known libraries:

The optional Zen Pro upgrade introduced no analytics, attribution, advertising, crash-reporting, or third-party billing-platform SDKs (such as RevenueCat) on either platform — purchases are handled solely by Apple's first-party StoreKit (iOS) and Google's Play Billing Library (Android). All dependencies are kept up to date to incorporate upstream security fixes.

8. Google API Services User Data Policy — Limited Use

Our use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular:

9. Data Protection Mechanisms for Sensitive Data

We treat the following as sensitive: OAuth access tokens, OAuth refresh tokens, the cached email-metadata store, the sender-intelligence index, your Google account email address, and your cleaning history. The mechanisms below protect those categories at rest, in transit, and operationally.

9.1 Protection at rest

9.2 Protection in transit

9.3 Operational protection

We continuously review these practices to ensure user data remains protected against unauthorized access, alteration, disclosure, or destruction.

If we ever become aware of an incident that may have exposed user data, we will notify affected users without undue delay and, where required, the appropriate authorities, in line with applicable data-protection law.

If a vulnerability is discovered in the app, we will publish a patched release through the relevant app store and, where appropriate, notify affected users through the app or our support email.

10. Children's Privacy

Zen Inbox Cleaner is not directed to children under the age of 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information through use of the app, please contact us and we will take appropriate steps to address the matter.

11. Contact

If you have any questions about this Privacy Policy or how your data is handled, please contact us at: support@zeninboxcleaner.com