Skip to main content

Privacy Policy

Last Updated: March 2026

This Privacy Policy describes how Ono Kai Investments LLC ("we," "our," or "us") collects, uses, and shares information when you use Family Inbox ("the Service"). By using the Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and any other information you provide during registration.

1.2 Email Content

To provide the Service, we access and process messages from connected inboxes that you explicitly authorize (for example, via email forwarding or OAuth-based access). Our systems are designed to identify and extract verification codes or authentication links from supported services. We do not store full email bodies. Only the extracted code (or relevant link) and minimal associated metadata required to deliver the Service are stored.

Access to email content is limited to messages relevant to verification codes or authentication links. The Service does not provide general inbox access or browsing functionality. We do not use email content for advertising, profiling, or marketing purposes. Any access is limited to the minimum scope required to deliver the Service.

1.3 Device Information

We collect information about your device, including device type, operating system, and device identifiers to provide and improve our Service.

1.4 Usage Information

We collect information about how you use the Service, including which verification codes you access and when you use the Service.

1.5 Analytics and diagnostics

We use PostHog (PostHog Inc.) for product analytics and diagnostics, including usage events, device and app version, and error reports. How PostHog processes data is described at posthog.com/privacy. We do not use analytics to read your email content, sell your data, or run ads.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process and deliver verification codes to you and your family members
  • Google user data accessed via the Gmail API is used solely to provide the core functionality of the Service (retrieving and delivering verification codes) and is not used for advertising, profiling, or any unrelated purposes.
  • To communicate with you about the Service, including updates and support
  • To detect, prevent, and address technical issues
  • To ensure the security and integrity of the Service

What we do NOT do with your information:

  • We do not sell your personal data or email content.
  • We do not use your data for advertising or cross-service tracking.
  • We do not train machine learning models using your private email content.

Google API Services Disclosure

Family Inbox's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Family Inbox only uses Google user data to provide the functionality described in this Privacy Policy and does not use this data for advertising, profiling, or training generalized machine learning models.

3. Information Sharing

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • With Family Members: Verification codes and related information are shared with members of your family group as configured in your account.
  • Service Providers: We may share information with vendors who help us run the Service (hosting, email, authentication, analytics including PostHog). They may only use your information as we direct and must protect it.
  • Legal Requirements: We may disclose information if required by law or in response to valid legal requests.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Sensitive data such as OAuth tokens is encrypted prior to storage using industry-standard encryption methods. Data is also protected at rest and in transit via our infrastructure providers and HTTPS (TLS). However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal purposes.

Verification codes and related metadata are retained only for a short duration necessary to deliver the Service and support limited troubleshooting, after which they are deleted or anonymized.

You may delete your account at any time through the Service settings or by contacting us. Account deletion will remove associated personal information in accordance with our retention policies.

6. Your Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • The right to access your personal information
  • The right to correct inaccurate information
  • The right to delete your personal information
  • The right to object to or restrict processing of your information
  • The right to data portability

If you are a resident of California, the European Union, or other regions with data protection laws, you may have additional rights under applicable privacy regulations, including the CCPA and GDPR.

To exercise these rights, please contact us using the information provided in the "Contact Us" section below.

Users may revoke Google account access at any time through their Google account permissions page or by disconnecting Gmail within the Family Inbox application. Disconnecting revokes our refresh token with Google, removes stored tokens from our systems, clears the connected email address we held for that inbox, and deletes associated message-processing metadata we used for deduplication.

7. Children's Privacy

The Service is intended for use by adults and families. We do not knowingly collect personal information directly from children under the age of 13. Accounts and inbox connections must be created and managed by a parent or legal guardian.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Ono Kai Investments LLC
Email: hello@familyinbox.app