Security & Privacy

Inbox Sentinel connects to your Outlook account using Microsoft's standard OAuth 2.0 authorization flow. You log in directly with Microsoft — your password is never entered into or stored by Inbox Sentinel.

The access tokens we receive are encrypted at rest and used only to move emails between your folders. You can revoke access at any time from your Microsoft account's connected apps settings.

Inbox Sentinel only moves emails from one folder to another. It does not delete, archive to trash, or modify the content of any message. Every action is a folder move — nothing is permanently removed from your account.

Every folder move logged by Inbox Sentinel can be undone within 48 hours. From your dashboard, you can reverse any move with a single click — returning the email to its original folder.

To operate the service, we store:

• Your email address (for account lookup and billing)
• Encrypted OAuth refresh/access tokens (to connect to your Outlook account)
• Email metadata for moved messages (message ID, subject line, category, folder IDs) — not email body content
• Subscription status (managed via Stripe)

We do not store the full body or attachments of any email. Data is stored on servers located in the EU.

All data is encrypted at rest and in transit over HTTPS/TLS. OAuth tokens are stored encrypted. The application enforces authentication on all account endpoints — your data is not accessible to other users.

You can cancel your subscription at any time. To request deletion of all stored data associated with your account, contact support@theinfopower.dev. We will process deletion requests within 14 days.

Questions or concerns?

We take security reports seriously. If you've found a vulnerability or have a privacy concern, please reach out.