Inbox Zen

Privacy Policy

INBOXZEN PRIVACY POLICY

At InboxZen, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we collect, use, and safeguard your information when you visit our website or use our services. It also outlines your privacy rights and how the law protects you.

1. Important Information and Who We Are

1.1 Purpose of This Privacy Policy

This privacy policy provides information on how InboxZen collects and processes your personal data through your use of our website, our services, or other interactions with us.

1.2 Controller

If you are a registered customer of InboxZen, we act as the 'data controller' of personal data about you and your use of InboxZen. However, for data you submit to InboxZen to use our services (e.g., emails, calendar data), we act as a 'data processor'. If we are not the data controller, please contact the respective controller party regarding your rights.

If you have any questions about this privacy policy or wish to exercise your legal rights, please contact us using the details below.

1.3 Contact Details

We are: InboxZen, and you can reach us at [email protected] for any privacy-related inquiries.

You have the right to file a complaint with your local data protection authority. However, we encourage you to contact us first to resolve any concerns.

1.4 Changes to the Privacy Policy

This policy was last updated on April 28, 2025. If we make significant changes, we will notify you via email or our website. Continued use of our services after changes means you accept the revised policy.

2. The Data We Collect About You

We may collect and process different types of personal data, including:

  • Contact Data: Name, role, email address, phone number.
  • Financial Data: Billing details, bank card information.
  • Correspondence Data: Emails, notes from conversations.
  • Usage Data: How you interact with our website or services.
  • Technical Data: IP address, browser type, operating system, device information.

We may aggregate or anonymize data to analyze and improve our services without identifying individuals.

3. How We Collect Your Data

We collect data through:

  • Direct interactions: When you sign up, contact us, or use our services.
  • Automated technologies: Cookies and tracking technologies collect usage and technical data.
  • Third parties: We may receive analytics data from providers like Google.

For cookie-related details, see our Cookie Policy.

4. How We Use Your Data

We process your personal data based on:

  • Contractual necessity: To provide our services.
  • Legitimate interests: Improving our services, responding to inquiries.
  • Legal obligations: Complying with regulatory requirements.

If you need more details on specific legal grounds, please contact us.

5. Data Shared with Third-Party AI Models

5.1 Data Shared with AI Models

To provide categorization and draft reply functionalities, our services use third-party AI models. We require these AI providers to use your data solely for providing our services and not for model training.

The following data types may be shared:

  • Emails: Subject lines, body text, sender and recipient details.
  • Calendar Data: Event titles, dates, and times.
  • Audio Data: Transcriptions from recorded meetings (where applicable). Before submitting such data, ensure you have the necessary permissions from third parties.

5.2 User Consent for AI Processing

We seek explicit user consent before sharing data with AI models. A consent prompt appears during setup or significant policy updates.

5.3 AI Data Retention

Our AI providers have a zero data retention policy, meaning they do not store your data on their servers.

6. Sharing Your Data

We may share your data with:

  • Service providers (IT support, email management, analytics) located in various regions, including the US.
  • Analytics and advertising partners to understand user behavior.
  • Potential business buyers in case of a sale or merger.

All third parties must follow strict confidentiality and security agreements.

7. International Data Transfers

If we transfer data outside the EEA, we ensure equivalent protection through:

  • Standard contractual clauses approved by the European Commission.
  • EU-US Data Privacy Framework compliance for US-based providers.

Contact us for details on specific transfer mechanisms.

8. Data Security

We implement security measures to prevent unauthorized access, loss, or misuse of your personal data. Only authorized personnel and service providers can process your data under strict confidentiality agreements.

In case of a data breach, we will notify you and the relevant authorities if required by law.

9. Data Retention

We retain your personal data only as long as necessary for the purposes collected, including legal and regulatory requirements. In some cases, we may anonymize your data for research or statistical purposes.

10. Your Legal Rights

You have the right to:

  • Access your personal data ("data subject access request").
  • Correct any incorrect data.
  • Request deletion of your data.
  • Object to data processing based on legitimate interests.
  • Restrict processing under certain conditions.
  • Request data portability to another service provider.

To exercise these rights, contact us at [email protected]. We will respond within one month unless extensions are necessary due to complexity.