🎉 Latest News! InMoat is now verified by Google after passing an independent security assessment designed with your security and privacy in mind. Read more.

Your Privacy

Your Email, Your Data, and Your Privacy. Our commitment to data transparency.

We’re All About Transparency

InMoat - Build a moat for your inbox.
We consider your privacy to be our top priority. 

We will always be committed to maintaining the highest level of transparency and integrity when it comes to our user’s data.

Let’s be Clear

InMoat does NOT and will NEVER save, store, delete, edit, sell, or analyze your email data in any capacity beyond our publically advertised promise. InMoat’s Smart Filters temporarily scan and filter email data in order to satisfy the core functions required to effectively organize your inbox.

Want to learn more about our commitment to data integrity and security? Click here to review our Privacy Policy.

Our Commitment to Our Customers

  • InMoat’s email extension uses OAuth 2.0 to connect InMoat to your existing Gmail or Outlook inbox. Authentication with OAuth 2.0 ensures that your password can never be exposed, stored, or shared on InMoat’s database or servers.

  • InMoat only gathers email data via secure Gmail APIs, and secure IMAP Outlook APIs over SSL connections.

  • All data used by InMoat is transferred via end-to-end SSL/TLS encrypted protocols, meaning your raw data can never be exposed.

  • InMoat will always use private servers and networks, minimizing the potential for any public threats or exposures.

  • We use industry-standard security protocols and anti-breach techniques.

  • InMoat will always support the latest in anti-spam and data governance regulations, including GDPR, CCPA, and CASL compliance.
Commitment To Our Customers Security Overview

How InMoat uses your data

To Identify Unsolicited Emails

Upon signing up, InMoat’s AI analyzes your historical inbox email metadata (ie: email addresses you’ve previously interacted with, frequency of interaction, email headers, subject lines, etc) in order to distinguish when an incoming email is from a trusted source; such as your boss, colleague, clients, vendors, etc.

If an email is from a Trusted Source, we will NEVER view, save, or touch the email in any way, shape, or form. All emails from Trusted Sources are left in your inbox for your eyes only.

This allows InMoat to distinguish your necessary emails from your unsolicited & unwanted emails.

How InMoat Identifies Unsolicited Emails
How InMoat Scans Unsolicited Emails

To Analyze Unsolicited Emails

When you receive an unsolicited email, InMoat’s Smart Filtering technology will only analyze the body content of the email based on your Smart Filter preferences. There is no human intervention whatsoever or the ability for an employee of InMoat to view, scan, or access your email content. As an extra step for safety, InMoat’s AI engine is fully encrypted on private servers and networks unreachable by the public.

Note: Your unsolicited emails will only be analyzed once you set up a Smart Filter in your InMoat dashboard. If you do not have any Smart Filters selected, InMoat will be unable to scan, filter, or organize any of your unsolicited emails.

To Filter Unsolicited Emails

InMoat will never delete your emails whether relevant or not. Instead, InMoat simply re-routes your irrelevant and unwanted emails to the @InMoat folder located within your inbox for your later viewing.

All relevant emails are left untouched in your primary inbox.

How InMoat Filters Unsolicited Emails
InMoat Will never Use Your Data for AI

Is my data used to improve InMoat’s AI?

No! We never save, store, or sell your data. This means that we will never use your data for Artificial Intelligence or Machine Learning training or product enhancements unless we receive your direct written consent.

InMoat’s AI-engine was built on predefined models that have been trained using millions of sample email data points that were developed over the past three years. There is no human intervention when InMoat analyzes your emails. If you believe an email was incorrectly filtered or want to improve or customize your InMoat Smart Filtering experience, please contact us support@inmoat.com.

InMoat’s Email Reporting & Insights

InMoat collects non-personally identifying numerical and statistical data in order to provide you analytics and insight into your inbox productivity (eg. Total number of emails you received, how many emails were from Trusted Sources, how many emails were irrelevant, how much time saved, etc).

We never view, modify, nor delete the content of your emails while being counted.

InMoat Reporting and Insights

InMoat and Data Permissions

User Data Policy

InMoat’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. These same protections are applied to all other email services that are integrated with InMoat.

What permissions does InMoat need?

Both Microsoft 365 (Outlook) and G-suite (Gmail) use the OAuth 2.0 authentication and authorization protocol to securely connect to their email applications. The OAuth 2.0 protocol is an industry standard that ensures that your valuable and private login information is never shared with InMoat.

When you sign up to InMoat, we request access to your mailbox using “Access Tokens”. Access tokens are fully encrypted and never shared with any third party, person, or InMoat employee. We have developed processes and policies to ensure that token data is only accessible by InMoat’s Head of Engineering.

In order for InMoat to identify, categorize, and filter your unsolicited emails, we need permission to access your mailbox, including but not limited to, your email address, email header data, email settings, and body content of certain emails. We will never use, sell, save, store, or delete your data for any purpose beyond our core features and functionalities.

For Microsoft 365, InMoat uses standard IMAP protocol (via Microsoft 365 Mail APIs) in order to connect to users’ mailbox. For G-Suite, InMoat uses Gmail APIs (gmail.modify scope) in order to connect to users’ mailbox.

Below are the permissions that InMoat will request access to:

For Gmail Users

InMoat - GMail Permissions

Click here to read more about the Gmail OAuth scopes.

You can view your Google App permissions or revoke access to InMoat at any time here.

For Outlook365 Users

How InMoat Uses Outlook OAuth

Click here to read more about the Microsoft OAuth scopes and permissions.

You can view your Microsoft App permissions or revoke access to InMoat at any time here.

What data do we store?

The only data we do store is completely anonymous numerical data. A few examples include the total number of emails received, the total number of emails filtered by InMoat, and the total number of emails from your Trusted Sources.

This data allows us to calculate how much time on average you are saving by using InMoat, as well as to present you with visual charts within your InMoat dashboard.

Want to know more about InMoat’s Security?

If you have any questions or concerns about how InMoat works or our security approach that focuses on security governance, risk management, and compliance, please contact us at support@inmoat.com