Privacy Policy

Effective date: July 3, 2026

Outbox ("the app") is a native macOS application developed by Chris Maury ("we", "us"). This policy explains what data Outbox accesses, how it is used, where it is stored, and the choices you have. The short version: Outbox runs on your Mac. We operate no servers, and we never receive, collect, sell, or share your data. The only time your data leaves your device is to Google (to fetch your email), to your own iCloud (if you enable sync), and to the AI provider whose key you supply (to power AI features) — each described below.

1. Information Outbox accesses

When you connect a Google account, Outbox asks for your consent — via Google's OAuth 2.0 sign-in — to access the following Google user data:

Outbox also uses data that is not Google user data: your macOS calendar (via Apple's on-device EventKit, not the Google Calendar API) and audio you choose to record for meeting transcription. Outbox does not collect analytics, telemetry, usage tracking, or advertising identifiers.

2. How Outbox uses this data

Outbox never uses your data for advertising and never builds advertising profiles.

3. AI processing

Outbox's AI features (summaries, task extraction, drafting assistance) work by sending the relevant content — which may include email text and meeting transcripts — to Anthropic's Claude API. This uses your own Anthropic API key, which you provide and which is stored only in your Mac's Keychain. Outbox sends this data solely to provide the features you are using, at the moment you use them.

Limited Use disclosure. Outbox's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. In particular, Google user data is used only to provide and improve the user-facing features described above, is not transferred to others except as required to provide those features (i.e., to the AI provider whose key you supply) or with your consent, is not used for advertising, and is not read by humans except as permitted by that policy.

4. Where your data is stored

5. Sharing of data

We do not sell, rent, or share your Google user data with anyone. Because Outbox has no servers, we have no copy of your data and no access to it. The only parties that ever receive your data are the services you connect and control: Google (the source), your own iCloud (if you enable sync), and the AI provider whose API key you supply (to power AI features). None of these transfers are for advertising or resale.

6. Data retention and deletion

7. Security

Outbox uses Google's official OAuth 2.0 flow with PKCE — the app never sees or stores your Google password. Tokens and API keys are kept in the macOS Keychain, all network communication uses TLS, and local data is protected by macOS user-account security (and FileVault disk encryption, if enabled).

8. Children's privacy

Outbox is not directed at children under 13 and does not knowingly collect personal information from children.

9. Changes to this policy

If we change this policy, we will update this page and the effective date above. Material changes affecting how Google user data is handled will be prominently disclosed before they take effect.

10. Contact

Questions about this policy or your data? Email help@chrismaury.com.