Privacy and Data Handling
Last updated: 2026-05-10. This policy explains what data Tuck Sentinel collects to deliver a QuickCheck, how it is handled, and how long it is kept.
1. Data we collect
Only the minimum needed to deliver the report:
- Customer name and contact email.
- One authorized target identifier (for example, hostname, customer-provided label, or domain name).
- Provider/OS facts or email-sending provider/tool facts supplied by the customer.
- Customer-reviewed and customer-redacted collector output, sanitized email-authentication headers, DNS facts, or equivalent evidence.
- Report delivery notes and support/clarification questions.
2. Data we do not want
Do not submit passwords, SSH private keys, API tokens, OAuth tokens, .env files, shell history, database exports, DNS provider credentials, customer or end-user records, customer lists, campaign exports, full AWS credentials, payment-card data, or regulated/sensitive personal data.
If sensitive material is sent, we will stop work, delete or quarantine the material when feasible, notify you, and request a sanitized resend before continuing.
3. Transfer and storage
Evidence is accepted only through an approved private transfer path agreed at engagement time. Raw evidence is not pasted into public chats or marketing materials. Working files are kept in an access-restricted private workspace.
4. Third-party processors
Tally is used for server intake forms when applicable, and Stripe is used for payment processing and limited checkout intake fields. Do not submit passwords, keys, tokens, logs, raw evidence, attachments, payment-card data, customer lists, campaign exports, or sensitive customer records through the intake form, checkout, or by email. Payment-card details are handled by Stripe and should never be sent directly to Tuck Sentinel.
5. Retention and deletion
Default raw-evidence retention is 30 days after final report delivery or refund-window closure, whichever is later, unless you request earlier deletion or a different period is agreed in writing.
The final report may be retained for customer support and accounting unless you request deletion, subject to payment, refund, and accounting needs. Only anonymized operational metrics may be kept long-term.
6. Access and use
Access is limited to the operator/agent workflow needed to deliver the report. Customer evidence is not used to train models, produce public examples, or create testimonials without separate written permission.
7. Incident path
If we discover that sensitive information was mistakenly received or stored, we will stop work, notify you through the approved contact method, delete or quarantine the material where feasible, and request sanitized evidence.
8. Contact
Privacy questions and deletion requests: support@richgibbs.dev.
9. Inbox Cleanup privacy
The Inbox Cleanup product line ($19 Pack, $79 QuickCheck, $499 Enterprise) is designed so that mail content never leaves your Google account.
- What we receive. Only the per-mailbox survey.json file produced by the read-only survey script you run yourself. survey.json contains counts and metadata only — sender domains, label/folder counts, age buckets, and rough size buckets. It does not contain message ids, subjects, sender display names, recipient lists, headers, or message bodies.
- What we do not receive. No OAuth tokens, no refresh tokens, no Google account passwords, no app passwords, no message bodies, no attachments, no contact lists, no calendar data, no Drive data, and no third-party recipient data.
- Tokens stay with the customer. You authorize the read-only survey script under your own Google account (or, for Enterprise, your own Google Workspace internal-app OAuth path). Tuck Sentinel does not host, hold, refresh, or proxy your OAuth grant.
- Revocation. When the cleanup engagement is complete (or sooner), you revoke the survey script's OAuth grant in your Google account. We recommend revoking the grant as part of closing out the engagement.
- Retention. The submitted survey.json file(s) and the written cleanup plan are kept for the same default retention window described in section 5 (30 days after final report delivery or refund-window closure, whichever is later), unless you request earlier deletion or a different period is agreed in writing. Only anonymized operational metrics may be retained long-term.