Privacy Policy

1. Who we are

InboxWarden (LLC pending) is the provider of the InboxWarden email security service. If you have questions about this Privacy Policy or your data, contact support@inboxwarden.com.

2. What we collect

InboxWarden collects account and mailbox data necessary to provide the Service, including:

• Account information, such as your email address, connected mailbox address, and subscription or billing status.
• Email metadata, including sender address, subject line, and timestamp, which InboxWarden uses to evaluate trust rules, quarantine decisions, and digest summaries.
• Connection credentials, including encrypted IMAP credentials or app passwords used to maintain mailbox access on your behalf.
• Operational records, such as audit history, rule configuration, mailbox settings, and support or error logs needed to keep the Service functioning securely.

InboxWarden is designed so that it does not store full email bodies as application data.

3. How we use data

InboxWarden uses the data it collects to operate and improve the Service, including to authenticate users, connect mailboxes, evaluate trust rules, place messages into quarantine, produce digest summaries, maintain billing records, investigate errors, and prevent abuse or misuse of the platform.

4. Mailbox credentials and provider permissions

InboxWarden stores only the mailbox access details needed to provide the features you enable:

• IMAP providers: the credentials or app passwords you provide are stored in encrypted form at rest so InboxWarden can maintain the mailbox connection on your behalf.
• Mailbox rules and folders: InboxWarden may create provider-side folders, labels, or rules needed for pending and quarantine workflows.
• Optional SMTP settings: when custom SMTP settings are supplied for a provider, those settings are used only for connection handling related to that mailbox.

5. Data storage and security

InboxWarden stores application data in PostgreSQL hosted on a Hetzner VPS in Germany. Stored credentials and tokens are encrypted at rest. We use reasonable administrative, technical, and organizational safeguards designed to protect personal data against unauthorized access, alteration, disclosure, or destruction.

6. Third-party services

InboxWarden relies on a limited set of processors and infrastructure providers to operate the Service:

• Stripe for subscription billing and payment processing.
• SendGrid for transactional emails such as account and product notifications.

7. Data retention

InboxWarden retains account and mailbox data while your subscription remains active. If your account is canceled, InboxWarden will delete retained service data within 30 days, unless a longer retention period is required by law or to resolve a dispute. Stored credentials are deleted immediately when a mailbox is disconnected.

8. Your rights and choices

Depending on your jurisdiction, you may have the right to access, export, correct, or delete your personal data. You may also disconnect a mailbox or revoke provider access at any time. To make a request, contact support@inboxwarden.com.

9. GDPR and EU data handling

InboxWarden stores application data in the European Union and supports GDPR-aligned rights, including the right to erasure and access requests. A data processing addendum is available on request for customers who need one.

10. Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we may provide notice by updating this page, by email, or within the Service.