Privacy Policy

Last updated: December 1, 2025

1. Introduction

QQuadro ("we", "us", or "our") operates BOBinbox (the "Service"), an email management platform accessible at qquadro.com. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Google API Services Usage Disclosure

BOBinbox uses Google API Services to provide email management functionality. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Google OAuth2 Scopes We Request:

gmail.send

Allows BOBinbox to send emails on your behalf. This is used for composing and sending new emails, replying to conversations, and scheduling email campaigns.

gmail.readonly

Allows BOBinbox to read your emails. This is used to display your inbox, sync conversations, detect replies, and provide the unified inbox functionality.

gmail.modify

Allows BOBinbox to modify email labels and message status. This is used for organizing emails, marking messages as read/unread, and managing conversation threads.

3. Information We Collect

Personal Information

  • Email address and name (provided during registration)
  • Account credentials (passwords are hashed, never stored in plain text)
  • Organization and team information

Email Data (via Google OAuth2)

  • Email content, subject lines, and metadata for display in our interface
  • Email addresses of senders and recipients
  • Attachment information
  • Email labels and folder organization

Technical Information

  • IP addresses and browser information
  • Device type and operating system
  • Usage data and analytics

4. How We Use Your Information

We use the collected information to:

  • Provide and maintain the BOBinbox email management service
  • Display your emails in a unified inbox interface
  • Send emails on your behalf when you compose messages
  • Sync your email accounts and maintain conversation threads
  • Provide email scheduling and campaign management features
  • Detect and track email replies and bounces
  • Improve and optimize our Service
  • Communicate with you about service updates

5. Data Security

We implement industry-standard security measures to protect your data:

  • OAuth2 Authentication: We use Google's OAuth2 protocol - we never see or store your Google password
  • Token Encryption: OAuth2 access tokens are encrypted at rest using AES-256 encryption
  • Secure Transmission: All data is transmitted over HTTPS/TLS
  • Database Security: Data is stored in Supabase with row-level security policies
  • Access Controls: Multi-tenant architecture ensures users can only access their own data

6. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties.

We may share your information only in the following circumstances:

  • Service Providers: With trusted third-party services that help us operate our platform (e.g., Supabase for database hosting)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you explicitly authorize us to share information

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing of your personal data
  • Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, please contact us at difelice@qquadro.com

8. Revoking Google Access

You can revoke BOBinbox's access to your Google account at any time:

  1. Visit your Google Account's Security settings at myaccount.google.com/permissions
  2. Find "BOBinbox" or "bobinbogoogleauth" in the list of connected apps
  3. Click on it and select "Remove Access"

Once revoked, BOBinbox will no longer be able to access your Gmail data. You can also delete your account from within the BOBinbox settings to remove all stored data.

9. Data Retention

We retain your personal data for as long as your account is active or as needed to provide you with our services. Email data synced from your Google account is retained to provide the unified inbox functionality.

Upon account deletion, we will delete your personal data within 30 days, except where we are required to retain it for legal or regulatory purposes.

10. Cookies and Tracking

We use essential cookies to maintain your session and provide core functionality. We may also use analytics cookies to understand how users interact with our Service.

You can control cookie settings through your browser preferences.

11. Children's Privacy

BOBinbox is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If you become aware that a child has provided us with personal data, please contact us.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Data Protection Authority: You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali) if you believe your rights have been violated.