Privacy Policy
Effective date: July 3, 2026
Outbox ("the app") is a native macOS application developed by Chris Maury ("we", "us"). This policy explains what data Outbox accesses, how it is used, where it is stored, and the choices you have. The short version: Outbox runs on your Mac. We operate no servers, and we never receive, collect, sell, or share your data. The only time your data leaves your device is to Google (to fetch your email), to your own iCloud (if you enable sync), and to the AI provider whose key you supply (to power AI features) — each described below.
1. Information Outbox accesses
When you connect a Google account, Outbox asks for your consent — via Google's OAuth 2.0 sign-in — to access the following Google user data:
- Your email, read-only (
https://www.googleapis.com/auth/gmail.readonly) — read access to the messages in the Gmail account you connect. Outbox cannot modify, send, or delete your mail. - Your email address (
https://www.googleapis.com/auth/userinfo.email) — the address identifying the connected account. - Your basic profile (
https://www.googleapis.com/auth/userinfo.profile) — your name and basic account info, to distinguish connected accounts.
Outbox also uses data that is not Google user data: your macOS calendar (via Apple's on-device EventKit, not the Google Calendar API) and audio you choose to record for meeting transcription. Outbox does not collect analytics, telemetry, usage tracking, or advertising identifiers.
2. How Outbox uses this data
- Understanding your inbox. Your Gmail messages are read to display them, highlight messages that need attention, and extract tasks, action items, and context related to your meetings and projects.
- Meeting notes. Meetings you record are transcribed and turned into structured notes and summaries.
- Tasks and follow-ups. Outbox derives tasks and suggested follow-ups from your email and meetings.
- Account identification. Your email address and profile label each connected account.
Outbox never uses your data for advertising and never builds advertising profiles.
3. AI processing
Outbox's AI features (summaries, task extraction, drafting assistance) work by sending the relevant content — which may include email text and meeting transcripts — to Anthropic's Claude API. This uses your own Anthropic API key, which you provide and which is stored only in your Mac's Keychain. Outbox sends this data solely to provide the features you are using, at the moment you use them.
- This data is not used to serve advertising.
- It is not read by the developer — it goes directly from your Mac to Anthropic.
- It is not used to develop, train, or improve generalized or non-personalized AI/ML models.
- Anthropic processes it as a service provider under Anthropic's API terms and privacy policy.
- If you do not configure an AI key, no data is sent to any AI provider and AI features are disabled.
4. Where your data is stored
- OAuth tokens and your AI API key are stored in the macOS Keychain, encrypted by the operating system.
- App data — your notes, tasks, and content derived from your email and meetings — is stored locally on your Mac. If you enable iCloud sync, this data also syncs through your own private iCloud account (Apple CloudKit), so it is available across your devices. This is Apple's infrastructure under your control; the developer has no access to it.
- Nothing is stored on our servers. Outbox has no backend of its own. Your data is transmitted only between your Mac and Google, your iCloud, and your chosen AI provider, over encrypted (HTTPS/TLS) connections.
5. Sharing of data
We do not sell, rent, or share your Google user data with anyone. Because Outbox has no servers, we have no copy of your data and no access to it. The only parties that ever receive your data are the services you connect and control: Google (the source), your own iCloud (if you enable sync), and the AI provider whose API key you supply (to power AI features). None of these transfers are for advertising or resale.
6. Data retention and deletion
- Removing a Google account from Outbox deletes its OAuth tokens from your Keychain and stops all further access.
- You can delete notes, tasks, recordings, and other data within the app; deleting the app removes its local data from that Mac.
- If iCloud sync is enabled, deletions propagate through your iCloud; you also control that data directly in your Apple account.
- You can revoke Outbox's access to your Google account at any time at myaccount.google.com/permissions.
- Outbox never deletes or alters the mail in your Google account — its Gmail access is read-only.
7. Security
Outbox uses Google's official OAuth 2.0 flow with PKCE — the app never sees or stores your Google password. Tokens and API keys are kept in the macOS Keychain, all network communication uses TLS, and local data is protected by macOS user-account security (and FileVault disk encryption, if enabled).
8. Children's privacy
Outbox is not directed at children under 13 and does not knowingly collect personal information from children.
9. Changes to this policy
If we change this policy, we will update this page and the effective date above. Material changes affecting how Google user data is handled will be prominently disclosed before they take effect.
10. Contact
Questions about this policy or your data? Email help@chrismaury.com.