Mabel ← Back to home
Privacy

Privacy Policy

Effective June 6, 2026Last updated June 6, 2026

Mabel Inbox ("Mabel," "we," "us," or "our"), operated by [LEGAL ENTITY / Jamie Elgie] (the "Operator"), provides a desktop web application at mabelinbox.com that helps you organize and clean up your Gmail account. This Privacy Policy explains, in plain language, what the app does, what we access, what we do and do not store, and the rights and choices you have under United States and Canadian privacy law.

Our core design principle: your email is processed on your own device, and Mabel never changes anything without your review.

1. What Mabel does and how it works (plain-language summary)

Mabel is a tool that helps you tidy a messy Gmail inbox. Here is the entire flow, start to finish:

  1. You sign in with Google. Mabel uses Google's standard, secure sign-in. We never see your Google password.
  2. Mabel reads your mail in your browser. To suggest how to organize your inbox, Mabel needs to look at your messages — who sent them, the subject, and the contents. This reading happens locally, on your own computer, inside your web browser. Your emails are not sent to our servers to be processed.
  3. Mabel proposes changes — it does not make them yet. Based on what it reads, Mabel builds a list of suggestions: "label this," "archive that," "move this to Trash." It shows you each one in a review console.
  4. You approve (or reject) every change. Nothing happens to your actual mailbox until you say so. You stay in control of every label, archive, and deletion.
  5. Mabel carries out the changes you approved, by asking Gmail to apply them. Deletions go to Gmail's Trash (recoverable for about 30 days), not permanent erasure.
  6. Your rules sync through your own Google Drive. The organizing rules you build are saved in a private, app-only folder inside your Google Drive so they're the same on every device. We can't see into that folder.

That's it. Mabel is a local-first assistant: it reads on your device, suggests, waits for your approval, and acts. It does not warehouse your email.

2. Who we are and who this applies to

This policy applies to anyone who signs in to and uses Mabel Inbox. The Operator is the party responsible (the "data controller" / the organization "accountable" under Canadian law) for the limited personal information described here.

Mabel is not affiliated with, endorsed by, or sponsored by Google or Anthropic. Google is a trademark of Google LLC.

Privacy contact / Privacy Officer: [Name], [privacy@mabelinbox.com], [mailing address]. You can reach this contact for any question, request, or complaint about your personal information.

3. The personal information we handle

We deliberately keep this list short. We handle:

  • Account/identity basics from Google sign-in — such as the email address of the Google account you connect, used to authenticate you and act on your mailbox.
  • Email content, transiently — message senders, subjects, bodies, and metadata are read in your browser to generate recommendations. They are processed in memory and are not stored on our servers.
  • Your organization rules — stored in the app-private folder in your Google Drive, not on our servers.
  • Optional feedback and diagnostics — only if you choose to submit feedback (see Section 6).

We do not request or handle your Google contacts, calendar, Drive documents, photos, location, or payment card numbers.

4. The Google permissions we request, and why

When you sign in, Mabel asks for exactly two Google OAuth scopes — the minimum needed to work:

gmail.modify — read, label, and trash your mail. Lets Mabel list and read your messages (to classify them), apply or remove labels, archive messages, and move messages to Trash. Reading happens in your browser; mailbox changes happen only after you approve them.

drive.appdata — a hidden, app-private Drive folder. Lets Mabel save your rules so they sync across devices. This scope can access only the folder Mabel created for itself. It gives no access to your real Drive files — not to Mabel, not to anyone.

Mabel requests no other scopes.

Our access to and use of information from Google APIs adheres to the Google API Services User Data Policy, including its Limited Use requirements. We use Google user data only to provide and improve the inbox-organizing features you see, we do not transfer it except as needed to provide those features or as required by law, we do not use it for advertising, and no humans read your Google user data except with your explicit consent, to comply with law, or for security/abuse purposes as permitted.

5. What we store — and what we don't

  • We do not store the contents of your emails. They're processed transiently in your browser and not retained on our servers. Mabel has no server-side copy of your mailbox.
  • Your rules live in your Drive, not ours.
  • Authentication. Google issues a token to your browser so Mabel can act for the current session. We never receive or store your Google password.
  • No advertising or model-training use. We do not use your email contents to advertise to you, to build profiles, or to train machine-learning models.

6. Optional feedback and diagnostics

If you use the in-app Feedback button, your report is sent to [a private Google Sheet the Operator controls via Google Apps Script]. Before anything is sent, Mabel shows you exactly what will be attached. It can include:

  • your message and the category you chose (bug, confusing, idea, etc.);
  • diagnostic context: app version, browser and operating system, the current view, your rule settings, simple counts, your recent in-app actions, and any error messages the app captured.

You can untick your email address and the specific email you're viewing (which, if left on, includes only sender, subject, and a short snippet). Email bodies are never included in feedback. If you never use the Feedback button, none of this is collected. This is opt-in, and it's the only personal information we receive on our own systems.

We rely on your consent to access your Google account and to organize your mail, and on our legitimate interests / legitimate business need to keep the service secure and working. Under Canadian law (PIPEDA, and Quebec's Law 25 where applicable), we collect, use, and disclose personal information only for the purposes described here, and only with your knowledge and consent.

You may withdraw your consent at any time by revoking Mabel's access (Section 9) and ceasing to use the app. Withdrawing consent stops future processing; it doesn't affect anything already done with your prior approval.

8. Sharing and disclosure

We do not sell, rent, or trade your personal information, and we do not "share" it for cross-context behavioral advertising. We disclose information only:

  • to Google, through its APIs, as needed to provide the service;
  • to a service provider such as our feedback-log host ([Google Apps Script / Google Sheets]), acting on our instructions;
  • to comply with law, a lawful request, or to protect rights, safety, and security;
  • in a business transfer (merger, acquisition, or sale of assets), where the successor must honor this policy.

9. Your privacy rights and how to exercise them

You can exercise the rights below by contacting our Privacy Officer (Section 2). We will verify your request, respond within the time the law requires (generally 30 days under Canadian law and 45 days under California law, with permitted extensions), and not charge a fee except where allowed. We will not discriminate against you for exercising a right.

For everyone (and for Canadian users under PIPEDA / Quebec Law 25):

  • Access — ask what personal information we hold about you and how it's used and disclosed.
  • Correction — ask us to correct inaccurate or incomplete information.
  • Withdraw consent — at any time, as described in Section 7.
  • Challenge our compliance — raise a concern with our Privacy Officer; if unsatisfied, you may complain to the Office of the Privacy Commissioner of Canada (or your provincial commissioner, such as the Commission d'accès à l'information du Québec).
  • Data portability (where applicable, e.g., Quebec Law 25) — receive certain information in a structured, commonly used format.

For US state residents (e.g., California under the CCPA/CPRA, and similar laws in Colorado, Connecticut, Virginia, Utah, and others):

  • Right to know / access the categories and specific pieces of personal information we collect, use, and disclose.
  • Right to delete personal information we hold about you (subject to legal exceptions).
  • Right to correct inaccurate personal information.
  • Right to opt out of sale or sharingwe do not sell or share personal information, so there is nothing to opt out of, but you retain the right.
  • Right to non-discrimination for exercising your rights.
  • You may use an authorized agent to submit a request on your behalf.

Because most of what Mabel touches stays on your device or in your own Google account, the fastest way to exercise access/deletion over your mail and rules is directly in Google: review or remove your data at myaccount.google.com.

10. Cross-border processing (important for Canadian users)

The Operator is based in [the United States / Utah], and Google's APIs and our feedback-log provider may process data in the United States. If you are in Canada, this means your limited personal information may be processed and stored in the United States and could be accessible to US authorities under US law. By using Mabel, you acknowledge this cross-border transfer. We use providers that apply comparable safeguards by contract. [If you later determine you have Quebec users, complete a privacy impact assessment for transfers outside Quebec as Law 25 requires.]

11. Data retention

Because we don't store your email contents or your rules on our servers, there is nothing for us to retain there. Your rules persist in your own Google Drive until you delete them or revoke access. Optional feedback you submit is kept in our feedback log for [retention period, e.g., 24 months], then deleted or de-identified.

12. Security and breach notification

Mabel's local-first design keeps your email contents on your device. Connections to Google's APIs use HTTPS/TLS, and we minimize what we touch and store. No system is perfectly secure. If a breach of security safeguards involving personal information we control creates a real risk of significant harm, we will notify affected individuals and the relevant authorities (including the Office of the Privacy Commissioner of Canada and applicable US state regulators) as required by law, and keep records of breaches as PIPEDA requires.

13. Cookies, storage, and analytics

Mabel uses only the browser storage necessary to keep you signed in and remember your in-app preferences during a session. [State your actual practice. If you add web analytics on the marketing site or app — e.g., Google Analytics — disclose what it collects, the legal basis/consent mechanism, and how to opt out. For Quebec/EU-style consent, use an opt-in banner for non-essential cookies.]

14. Children's privacy

Mabel is intended for adults and is not directed to children. We do not knowingly collect personal information from anyone under [16 / the age required in your jurisdiction]. If you believe a child has used Mabel, contact our Privacy Officer and we will delete the information.

15. Changes to this policy

We may update this policy as the app evolves. We'll revise the "Last updated" date above and, for material changes, provide a more prominent notice [in-app / by email] and, where required, obtain fresh consent.

16. How to contact us

Questions, requests, or complaints about your privacy: contact our Privacy Officer at [privacy@mabelinbox.com], [mailing address]. Canadian users may also contact the Office of the Privacy Commissioner of Canada; California and other US state residents may contact their state Attorney General or privacy agency.