Skip to main content

Privacy Policy

Last updated: April 2, 2026

1. Introduction

GroupMailBox ("we," "our," or "us") operates the GroupMailBox Chrome extension and the GroupMailBox website. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our products and services.

2. Information We Collect

2.1 Chrome Extension Data

When you use the GroupMailBox Chrome extension, we collect:

  • Facebook Group member request data visible to you as a group admin (names, profile URLs, screening question answers)
  • Your Google account information (email address) for Sheets authentication
  • Extension settings and preferences

2.2 Website Data

When you visit our website, we may collect:

  • Browser type and version
  • Pages visited and time spent
  • Referring website
  • Email address (if you subscribe to our newsletter)

3. How We Use Your Information

  • To provide the lead capture and Google Sheets integration functionality
  • To authenticate your Google account via OAuth2
  • To store your extension settings and preferences
  • To improve our products and services
  • To send you product updates and support communications

4. Google API Usage Disclosure

GroupMailBox uses the Google Sheets API to push captured lead data to your Google Sheets. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only request the minimum permissions necessary (Google Sheets read/write)
  • We do not use Google user data for advertising purposes
  • We do not sell Google user data to third parties
  • We do not use Google user data for any purpose other than providing the GroupMailBox service

5. Data Storage and Security

Your data is stored securely using Supabase, which provides encrypted database storage. All data transmission between the extension, our servers, and Google APIs uses HTTPS encryption.

  • Database: Supabase (PostgreSQL with row-level security)
  • Authentication: Google OAuth2 with encrypted tokens
  • Transmission: HTTPS/TLS encryption
  • Extension data: Stored locally in Chrome storage API

6. Data Retention and Deletion

We retain your data for as long as you maintain an active account. You can request deletion of your data at any time by contacting us at support@groupmailbox.com.

When you uninstall the extension, locally stored data (Chrome storage) is automatically removed. Server-side data will be deleted within 30 days of account deletion request.

7. Third-Party Services

We use the following third-party services:

  • Supabase — Database and authentication infrastructure
  • Google Sheets API — To push lead data to your spreadsheets
  • Google OAuth2 — For secure authentication

8. GDPR Rights (EEA Users)

If you are located in the European Economic Area, you have the following rights:

  • Right of Access — Request a copy of your personal data
  • Right to Rectification — Request correction of inaccurate data
  • Right to Erasure — Request deletion of your personal data
  • Right to Restrict Processing — Request limitation of data processing
  • Right to Data Portability — Request transfer of your data
  • Right to Object — Object to processing of your personal data

To exercise any of these rights, contact us at support@groupmailbox.com.

9. Children's Privacy

Our services are not intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

11. Contact Us

If you have any questions about this Privacy Policy, please contact us at support@groupmailbox.com.