Privacy Policy

Last updated: March 1, 2025

1. Introduction

InboxPilot Inc. (“InboxPilot,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (inboxpilot.co), browser extensions, desktop applications, and related services (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your name, email address, and profile information from your Google or Microsoft account if you choose to sign in via OAuth. We do not store your Google or Microsoft password.

2.2 Email Metadata

To provide email tracking services, we process limited email metadata such as recipient email addresses, subject lines, send timestamps, and open/click events. We do not read, store, or process the body content of your emails. Email body content is processed only transiently on your device for features like mail merge field insertion and is never transmitted to our servers.

2.3 Usage Data

We automatically collect certain information when you use the Service, including your IP address (anonymized after 30 days), browser type, operating system, referring URLs, pages viewed, features used, and timestamps. This data helps us improve the Service and diagnose technical issues.

2.4 Payment Information

If you purchase a paid plan, your payment information is processed by our payment processor (Stripe). We do not store your full credit card number, CVV, or billing address on our servers. We receive only a tokenized reference and the last four digits of your card for display purposes.

2.5 Cookies and Tracking Technologies

We use essential cookies for authentication and session management, functional cookies for user preferences, and analytics cookies (which can be opted out of) to understand Service usage. We do not use advertising cookies or sell data to third-party advertisers.

3. How We Use Your Information

We use collected information to:

  • Provide, operate, and maintain the Service
  • Process transactions and send related billing information
  • Send email tracking notifications and reports
  • Provide customer support and respond to inquiries
  • Analyze usage patterns to improve the Service
  • Detect, prevent, and address fraud, abuse, and technical issues
  • Send product updates and marketing communications (with opt-out option)
  • Comply with legal obligations

4. Data Sharing and Disclosure

We do not sell your personal information. We may share information with:

  • Service providers: Trusted third parties who assist us in operating the Service (hosting, analytics, payment processing, customer support). These parties are bound by confidentiality agreements.
  • Legal requirements: When required by law, court order, or governmental authority.
  • Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to affected users.
  • With your consent: For any other purpose disclosed at the time of collection.

5. Data Security

We implement industry-standard security measures including encryption at rest (AES-256) and in transit (TLS 1.3), regular security audits and penetration testing, SOC 2 Type II certification, role-based access controls, and real-time intrusion detection. While no method of transmission over the Internet is 100% secure, we strive to use commercially acceptable means to protect your data.

6. Data Retention

We retain your account data for as long as your account is active. Email tracking data (open/click events) is retained for 12 months on the Free plan and 24 months on paid plans. You can request deletion of your data at any time by contacting us or through your account settings. Upon account deletion, we remove your personal data within 30 days, with the exception of anonymized analytics and data required for legal compliance.

7. Your Rights (GDPR, CCPA, and Other Regulations)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Delete your personal data (“right to be forgotten”)
  • Port your data to another service in a machine-readable format
  • Object to processing based on legitimate interests
  • Restrict processing under certain circumstances
  • Opt out of the sale of personal information (California residents under CCPA)

To exercise any of these rights, contact us at privacy@inboxpilot.co. We will respond within 30 days.

8. International Data Transfers

We primarily store data in the United States. For users in the European Economic Area (EEA) and United Kingdom, we use Standard Contractual Clauses approved by the European Commission to ensure adequate protection for data transfers outside the EEA.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and, for significant changes, by sending you an email notification. Your continued use of the Service after changes constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@inboxpilot.co
  • Address: InboxPilot Inc., 548 Market St, Suite 35000, San Francisco, CA 94104
  • Data Protection Officer: dpo@inboxpilot.co
← Back to Home