Privacy Policy

Last updated: January 26, 2026

1. Introduction

InboxPath ("we," "our," or "us") operates the website and service located at inboxpath.io (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

We collect information that you provide directly to us, including:

  • Account Information: Name, email address, username, and password when you register for an account
  • Profile Information: First name, last name, and any additional information you choose to provide
  • Contact Information: Email addresses and contact details you provide for email discovery and campaign purposes
  • Payment Information: Billing address and payment method details (processed securely through Stripe, we do not store full credit card numbers)
  • Communication Data: Information you provide when contacting us for support

2.2 Information Collected Automatically

When you use our Service, we automatically collect certain information, including:

  • Usage Data: Information about how you access and use the Service, including pages visited, features used, and time spent
  • Device Information: IP address, browser type, operating system, device identifiers, and mobile network information
  • Log Data: Server logs, including access times, pages viewed, and error logs
  • Cookies and Tracking Technologies: We use cookies, web beacons, and similar technologies to track activity and hold certain information

2.3 OAuth Integration Information

When you connect your email account (Gmail, Outlook) via OAuth:

  • OAuth Tokens: We store encrypted OAuth access and refresh tokens to enable email sending functionality
  • Email Account Information: Email address associated with your connected account
  • Email Metadata: Information about emails sent through our Service (subject, recipient, timestamp, open/click tracking)

Important: We never store your email account passwords. All OAuth tokens are encrypted and stored securely.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Service Provision: To provide, maintain, and improve our email discovery and campaign management services
  • Email Sending: To send emails on your behalf through your connected email accounts using OAuth integration
  • Account Management: To create and manage your account, process transactions, and send administrative information
  • Communication: To respond to your inquiries, provide customer support, and send service-related communications
  • Analytics and Improvement: To analyze usage patterns, improve our Service, and develop new features
  • Security: To detect, prevent, and address technical issues, fraud, and security threats
  • Legal Compliance: To comply with legal obligations, enforce our Terms of Service, and protect our rights
  • Marketing: To send you promotional communications (you may opt out at any time)

4. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

4.1 Service Providers

We may share information with third-party service providers who perform services on our behalf, including:

  • Payment Processing: Stripe for processing payments (subject to Stripe's privacy policy)
  • Email Services: Trusted providers for transactional and campaign emails
  • Email Discovery: Trusted third-party providers for AI-powered email verification and discovery
  • Hosting and Infrastructure: Railway for hosting and infrastructure services
  • Analytics: Third-party analytics services to help us understand Service usage

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

4.2 OAuth Providers

When you connect your email account via OAuth (Google, Microsoft), your information is subject to their respective privacy policies:

  • Google Privacy Policy: https://policies.google.com/privacy
  • Microsoft Privacy Policy: https://privacy.microsoft.com/privacystatement

4.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: OAuth tokens and sensitive data are encrypted at rest and in transit using industry-standard encryption
  • Access Controls: Limited access to personal information on a need-to-know basis
  • Secure Infrastructure: Hosting on secure, compliant infrastructure with regular security updates
  • Password Security: Passwords are hashed using bcrypt and never stored in plain text
  • Regular Audits: Regular security assessments and vulnerability testing

Important: While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our Service to you
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Maintain business records for legitimate business purposes

When you delete your account, we will delete or anonymize your personal information, except where we are required to retain it for legal or legitimate business purposes.

7. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

You have the right to access and receive a copy of your personal information.

7.2 Correction

You can update or correct your account information at any time through your account settings.

7.3 Deletion

You can request deletion of your account and personal information by contacting us at support@inboxpath.io. We will delete your information subject to legal retention requirements.

7.4 OAuth Disconnection

You can disconnect your OAuth integrations (Gmail, Outlook) at any time through your account settings. This will revoke our access to your email account.

7.5 Marketing Communications

You can opt out of marketing emails by clicking the unsubscribe link in any marketing email or by contacting us.

7.6 Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.

7.7 GDPR Rights (EU Users)

If you are located in the European Economic Area, you have additional rights under GDPR, including the right to:

  • Object to processing of your personal information
  • Request restriction of processing
  • Data portability
  • Lodge a complaint with a supervisory authority

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our Service, you consent to the transfer of your information to these countries.

We take appropriate safeguards to ensure your information receives adequate protection, including:

  • Using standard contractual clauses approved by relevant data protection authorities
  • Ensuring service providers are bound by appropriate data protection agreements

10. Third-Party Services

Our Service contains links to and integrates with third-party services. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of third-party services you use, including:

  • Google: https://policies.google.com/privacy
  • Microsoft: https://privacy.microsoft.com/privacystatement
  • Payment processor: https://stripe.com/privacy
  • Email verification and discovery providers: We use trusted partners for verification; their policies apply to data they process.

11. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

To exercise these rights, contact us at support@inboxpath.io.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

  • Posting the new Privacy Policy on this page
  • Updating the "Last updated" date
  • Sending you an email notification (for material changes)
  • Displaying a notice on our Service (for significant changes)

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@inboxpath.io
Website: https://inboxpath.io

We will respond to your inquiry within a reasonable timeframe and in accordance with applicable data protection laws.

14. Disclaimer

This Privacy Policy is provided for informational purposes. While we strive to protect your information, we cannot guarantee absolute security. You use our Service at your own risk. We are not liable for any unauthorized access, use, or disclosure of your information that occurs despite our security measures.