Privacy Policy
Last updated: September 18, 2025
Privacy-First Design
Inbox.dog is built on transient processing - we process your emails in real-time but don't store email content. Your privacy is protected by design.
1. Information We Collect
1.1 Account Information
When you create an account, we collect:
- Email address - for account identification and notifications
- Name - from your OAuth provider (Google)
- OAuth tokens - securely encrypted, to access your Gmail account
1.2 Agent Configuration Data
To provide our service, we store:
- AI agent prompts and settings - the instructions you give your agents
- Email triggers and rules - conditions for when agents should activate
- File references - metadata about uploaded knowledge base files (not file content)
1.3 Usage Analytics
We collect anonymized usage statistics:
- Email processing counts - how many emails your agents process
- Feature usage - which tools and capabilities you use
- Error rates - to improve service reliability
2. Information We DO NOT Collect or Store
- ❌ Email content - processed in-memory, immediately discarded
- ❌ Email metadata - subject lines, sender info (after processing)
- ❌ Personal conversations - your emails remain private
- ❌ File content - managed by Cloudflare AutoRAG, not stored by us
3. How We Use Your Information
3.1 Service Delivery
- Process emails according to your agent configurations
- Provide AI-powered email automation and responses
- Enable file-based knowledge search through AutoRAG
3.2 Service Improvement
- Monitor system performance and reliability
- Analyze usage patterns to improve features
- Provide customer support when requested
4. Legal Basis for Processing (GDPR)
- Consent - Explicit OAuth consent for Gmail access
- Contract Performance - Processing necessary to deliver email automation services
- Legitimate Interest - Service improvement and fraud prevention
5. Data Sharing and Third Parties
5.1 Service Providers
We work with trusted partners who help us provide our service:
- Cloudflare - Infrastructure, security, and data processing (SOC 2 Type II certified)
- OpenAI - AI processing for email analysis and responses (GDPR compliant)
- Google - Gmail API access for email processing
5.2 No Data Sales
We never sell, rent, or trade your personal information. Your data is used solely to provide and improve our service.
6. Data Security
- Encryption - All data encrypted in transit (TLS) and at rest
- Access Controls - Strict per-agent data isolation
- Infrastructure Security - Cloudflare's enterprise-grade security
- OAuth Security - Secure, revocable Gmail access tokens
7. Data Retention
Retention Periods
- Email content: 0 days (immediate deletion after processing)
- Account data: Account lifetime + 30 days after deletion
- Usage logs: 90 days (managed by Cloudflare)
- File content: 30 days or until you delete your account
8. Your Rights
8.1 Access and Control
- Access - Export your agent configurations anytime
- Rectification - Update your information in account settings
- Deletion - Delete your account and all associated data
- Portability - Export your data in JSON format
- Revoke Access - Disconnect Gmail access at any time
8.2 Contact for Privacy Requests
To exercise your rights, contact us at: privacy@inbox.dog
9. International Data Transfers
Your data may be processed in various locations through Cloudflare's global network. All transfers are protected by:
- Cloudflare's Data Processing Agreement
- Standard Contractual Clauses (SCCs)
- Adequate data protection measures
10. Changes to This Policy
We may update this privacy policy to reflect changes in our practices or legal requirements. We'll notify you of any material changes via email or through our service.
11. Contact Information
This privacy policy is designed to be clear and comprehensive. If you have any questions about how we handle your data, please don't hesitate to contact us.