Privacy Policy
Last updated: March 5, 2026
1. Introduction
GraceBox ("we," "our," "us") operates gracebox.app. This Privacy Policy explains how we collect, use, and protect your information when you use our AI-powered email civility firewall service.
By using GraceBox, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our service.
2. Information We Collect
Account Information
- Google account email address, display name, and profile picture (collected via Google OAuth during sign-in)
Email Data
- We access your Gmail through the Gmail API to screen emails from senders you designate
- We process email headers (sender, subject) and body content solely to perform tone analysis and rewriting
Usage Data
- Tone scores assigned to screened emails
- Rewrite logs and processing timestamps
- Your screened sender lists and preferences
3. How We Use Your Information
- To screen and rewrite emails from your designated senders
- To maintain your screened sender list and email processing logs
- To manage your subscription and billing through Stripe
- To provide customer support and respond to your inquiries
4. Email Processing & Data Retention
Email body content is sent to OpenAI's API for tone analysis and rewriting. Content is processed in real time and is not stored by GraceBox beyond the time needed to complete processing.
Rewritten email text and tone scores are stored in our database to populate your activity log, so you can review past processing results.
Original emails remain in your Gmail account in the "GraceBox Originals" folder — we do not store original email content on our servers.
5. Third-Party Services
GraceBox relies on the following third-party services to operate:
- Google Gmail API — for email access, reading, labeling, and processing
- OpenAI — for AI-powered tone analysis and email rewriting
- Stripe — for subscription billing and payment processing
Each of these third-party services has its own privacy policy governing its handling of your data. We encourage you to review their policies.
6. Data Security
We take the security of your data seriously. We use HTTPS encryption for all data transmission between your browser and our servers. OAuth tokens are stored securely and are never exposed to client-side code.
We do not sell, rent, or trade your personal information to any third party.
7. Your Rights
- You can revoke Gmail access at any time through your Google Account permissions settings
- You can delete your account and all associated data by contacting support@gracebox.app
- You can request a copy of your stored data at any time by contacting support
8. Children's Privacy
GraceBox is not intended for users under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can take appropriate action.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will post the revised policy on this page and update the "Last updated" date at the top. We encourage you to review this page periodically.
10. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- General inquiries: info@gracebox.app
- Support & data requests: support@gracebox.app