Privacy Policy

1.1 Automatically Generated Information

• Temporary Email Addresses: Randomly generated email addresses created when you visit our service
• Email Content: Messages received at your temporary email address
• Technical Data: IP addresses, browser type, device information, and usage patterns

1.2 Optional Account Information (Premium Users)

• Authentication Data: When you sign in with Google, GitHub, or email, we collect your name, email address, and profile picture
• Payment Information: For Premium subscriptions, payment processing is handled by third-party providers (Stripe). We do not store your credit card information
• Custom Domains: Domain names you configure for your custom email addresses

1.3 Information You Provide

• Starred Messages: Emails you mark as important for extended retention
• Support Communications: Information you provide when contacting our support team

We use the collected information for the following purposes:

• Service Delivery: To provide and maintain our temporary email service
• Account Management: To manage user accounts, authentication, and subscriptions
• Feature Enhancement: To provide AI summaries and other premium features
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Communication: To send service-related notifications and respond to support requests
• Analytics: To understand how users interact with our service and improve user experience
• Legal Compliance: To comply with applicable laws and regulations

3.1 Automatic Deletion

• Free Users: All emails are automatically deleted after 7 days
• Premium Users: All emails are automatically deleted after 90 days
• Starred Messages: Free users can star up to 5 messages; Premium users have unlimited starred messages. Starred messages are retained until manually deleted or account closure

3.2 Account Data

• Account information is retained as long as your account is active
• You can request account deletion at any time, which will permanently remove all associated data
• Deleted data cannot be recovered

3.3 Backup and Archives

Deleted data may remain in backups for up to 30 days before being permanently removed from all systems.

We implement industry-standard security measures to protect your data:

• Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS/SSL
• Encryption at Rest: All stored emails and personal data are encrypted using AES-256 encryption
• Access Controls: Strict access controls limit who can access user data
• Regular Audits: We conduct regular security audits and vulnerability assessments
• Secure Infrastructure: Our services are hosted on secure, enterprise-grade cloud infrastructure

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

We use the following third-party services:

• Authentication: Google OAuth, GitHub OAuth for user authentication
• Payment Processing: Stripe for subscription and payment management
• AI Services: OpenAI for email summarization features (Premium)
• Analytics: Privacy-focused analytics to understand service usage
• Email Infrastructure: Trusted email service providers for receiving emails

These third-party services have their own privacy policies. We recommend reviewing their policies to understand how they handle your data.

We use minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and basic service functionality
• Preference Cookies: To remember your language and theme preferences
• Analytics Cookies: To understand how users interact with our service (anonymized)

You can control cookies through your browser settings. Disabling essential cookies may affect service functionality.

Depending on your location, you may have the following rights:

• Access: Request access to the personal data we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your account and all associated data
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain data processing activities
• Restriction: Request restriction of data processing
• Withdrawal: Withdraw consent for data processing at any time

To exercise these rights, please contact us at support@inboxto.app

Inboxto operates globally, and your data may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, including:

• Standard contractual clauses approved by regulatory authorities
• Ensuring third-party processors maintain adequate data protection standards
• Hosting data in regions with strong data protection laws (primarily EU and US)

Inboxto is not intended for use by children under the age of 13 (or 16 in the European Economic Area). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will take steps to delete that information.

If you believe we have collected information from a child, please contact us at support@inboxto.app

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected and how it's used
• Right to delete personal information
• Right to opt-out of the sale of personal information (we do not sell data)
• Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at support@inboxto.app

If you are in the European Economic Area (EEA), we comply with the General Data Protection Regulation (GDPR). Our legal basis for processing your data includes:

• Contractual Necessity: Processing necessary to provide our service
• Legitimate Interest: For analytics, security, and service improvement
• Consent: For optional features like AI summaries and marketing communications
• Legal Obligation: To comply with applicable laws

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by:

• Updating the "Last updated" date at the top of this policy
• Posting a notice on our website
• Sending an email notification to registered users (for significant changes)

Your continued use of Inboxto after any changes constitutes acceptance of the updated Privacy Policy.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy inquiries within 30 days.