Privacy Policy

Last updated: March 31, 2026

At BoX41, your privacy is foundational — not an afterthought. This policy explains exactly what data we collect, how we use it, and the controls you have over it.

The short version

  • We only access subscription & billing emails — nothing else.
  • We never read personal messages, drafts, or contacts.
  • All data is encrypted in transit and at rest.
  • We never sell or share your data with third parties.
  • You can disconnect Gmail or delete your account anytime.

1. What We Access

BoX41 connects to your Gmail account with read-only access. We only scan emails that are related to subscriptions, billing, receipts, and invoices. We use specific search filters to retrieve only these messages.

We never read, store, or process your personal emails, messages to friends or family, drafts, sent mail, contacts, calendar events, or any other content unrelated to subscription billing.

2. How We Use Your Data

Data we collect is used solely to identify and track your active subscriptions and recurring charges. This includes:
  • Service name and subscription amount
  • Billing cycle and payment dates
  • Currency of charge

We do not use your data to serve ads, build profiles for third parties, or train AI models on your personal information.

3. Data Encryption & Security

All data is encrypted in transit using TLS 1.2 or higher. Data stored in our database is encrypted at rest. OAuth tokens used to access Gmail are stored with encryption and are never exposed in logs or to any third party.

We follow industry-standard security practices and conduct regular reviews of our data handling procedures.

4. Third-Party Sharing

We do not sell, rent, lease, or share your personal data with any third parties for their own purposes. Period.

We use a small number of infrastructure providers (such as our database and hosting provider) who process data solely on our behalf and are bound by strict data processing agreements. These providers do not have the right to use your data independently.

5. Your Rights & Controls

You are in full control of your data at all times:
  • Disconnect Gmail — Remove Gmail access at any time from your Settings page. This immediately revokes our access token.
  • Delete your account — You can delete your BoX41 account and all associated data from Settings. Deletion is permanent and processed within 30 days.
  • Export your data — Contact us to request a copy of all data we hold about you.

6. Data Retention

We retain your subscription data for as long as your account is active. If you delete your account, all personal data is permanently removed from our systems within 30 days. Anonymised, aggregated data (containing no personally identifiable information) may be retained for product analytics.

7. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or a prominent notice in the app before the changes take effect. The "Last updated" date at the top of this page will always reflect the most recent revision.

8. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at privacy@boxai.app.