Privacy policy
Last updated: March 28, 2026 · Product: InboxPilot AI (Chrome extension) · eRevolutions India
This policy describes how the InboxPilot AI browser extension handles information. The extension is designed to minimize data exposure: it does not operate a dedicated InboxPilot backend server in the public release described here, and full email bodies are not uploaded as part of the default design.
Who we are
eRevolutions India offers InboxPilot AI. For privacy questions, contact contact@erevolutonsindia.com.
What the extension processes
On your device
- Settings, custom categories, rules, and related preferences.
- Encrypted API key material (see Encryption).
- A short-term classification cache to reduce duplicate requests.
- Anonymized behavior counters (for example opens and dwell) and rolling digest-style statistics, stored locally with caps.
Sent to AI providers (optional, your choice)
AI is opt-in: it remains disabled until you enable it, supply a provider API key, and acknowledge the notice in Options. When you use AI classification, only what is needed for a single list row may be sent to the provider you choose (for example OpenAI or Google Gemini):
- Email subject
- Sender string visible in the list (Gmail or Outlook on the web)
- A short preview of body text extracted from the list row (truncated; not the full MIME body)
- The text of the active instruction set (built-in mode name and instructions, or your custom instructions) so the model can follow your triage policy
Full email bodies and attachments are not persisted by InboxPilot and are not uploaded as part of this default design.
Legal basis and transparency
Where applicable, processing for AI features is based on your consent and configuration (your API key and toggles). You can disable AI at any time. Rules and UI behavior that rely only on local logic continue to work where applicable.
Storage locations
| Data | Where | Purpose |
|---|---|---|
| Settings, categories, rules | chrome.storage.sync | Cross-device preferences (subject to Chrome sync) |
| Encrypted API key | chrome.storage.sync | Store secret encrypted |
| Device key material | chrome.storage.local | AES-GCM key for encrypting the API key |
| Classification cache | chrome.storage.local | Reduce duplicate AI calls (time-limited) |
| Behavior events | chrome.storage.local | Relative priority (capped list) |
| Digest entries | chrome.storage.local | Aggregates |
Chrome profile and sync security apply. Third-party AI providers have their own privacy policies governing content you send when you enable AI.
Encryption
API keys are encrypted using AES-GCM before they are written to sync storage. This reduces casual inspection but does not replace operating-system and account security: anyone with full access to your Chrome profile could still use the extension while logged in as you.
Children
The extension is not directed at children under 13 (or the minimum age in your jurisdiction). Do not use it in violation of applicable child-privacy laws.
Changes
We will update this policy if we add features that change what is collected or processed—for example Gmail API OAuth, remote backends, analytics SDKs, or new data types. The “Last updated” date at the top will change when we publish revisions.
Related: Data retention · Data processing · Home