1. Introduction
InbXr ("we," "us," or "our") operates the email deliverability platform at inbxr.us. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.
By using InbXr, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our services.
2. Information We Collect
Account Information: When you create an account, we collect your email address and display name. If you sign up via Google OAuth, we receive your name and email from Google.
Payment Information: Subscription payments are processed by Stripe. We do not store your credit card number, CVV, or full card details on our servers. Stripe handles all payment data in accordance with PCI-DSS standards. We retain your Stripe customer ID and subscription status.
Usage Data: We collect information about how you use our tools, including:
- Pages visited and tools used
- Domains and email addresses you analyze (for delivering results)
- Email content submitted for analysis (processed in real time and not permanently stored unless you save it to your dashboard)
- IP address, browser type, and referrer URL
- Timestamps and frequency of use
Support Data: If you use our support chat or contact us, we collect the content of your messages to assist you.
3. How We Use Your Information
We use your information to:
- Provide and maintain our email deliverability analysis tools
- Process your account registration and manage your subscription
- Enforce rate limits and prevent abuse of our services
- Send transactional emails (account verification, password resets, billing receipts)
- Improve our tools and develop new features based on aggregate usage patterns
- Respond to support requests
- Comply with legal obligations
We do not sell your personal information to third parties. We do not send marketing emails unless you explicitly opt in.
4. Cookies and Tracking
We use cookies for the following purposes:
- Session cookies: Required for authentication and keeping you logged in
- CSRF tokens: Required for security and preventing cross-site request forgery
- Analytics: We track page views internally to understand usage patterns. We may use third-party analytics scripts as configured by our team
You can disable cookies in your browser settings, but this may prevent you from using certain features such as logging in.
5. Third-Party Services
We use the following third-party services that may process your data:
- Stripe: Payment processing. Stripe collects and processes payment information under its own privacy policy.
- Groq AI: We use Groq's API to power AI-driven analysis features (email copy analysis, subject line scoring, support chat). Data sent to Groq is processed in real time and is subject to Groq's privacy policy. We do not send your account credentials or payment information to Groq.
- Google OAuth: If you choose to sign in with Google, Google shares your basic profile information with us per your consent.
6. Data Retention
We retain your data as follows:
- Account data: Retained for as long as your account is active. If you delete your account, we remove your personal data within 30 days.
- Analysis results: Saved results on your dashboard are retained while your account is active. Free-tier analyses performed without an account are not stored permanently.
- Server logs: IP addresses and access logs are retained for up to 90 days for security and abuse prevention.
- Payment records: Billing history is retained as required by applicable tax and financial regulations.
7. Data Security
We take reasonable measures to protect your information, including:
- Encrypted connections (HTTPS/TLS) for all data in transit
- Hashed and salted passwords (we never store plaintext passwords)
- CSRF protection on all state-changing requests
- Rate limiting to prevent brute-force attacks
No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. Your Rights (GDPR and Other Regulations)
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with applicable data protection laws, you have the following rights:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate or incomplete data.
- Erasure: Request deletion of your personal data ("right to be forgotten").
- Portability: Request your data in a structured, machine-readable format.
- Restriction: Request that we limit how we process your data.
- Objection: Object to processing of your data for certain purposes.
- Withdraw consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at inboxermedia@gmail.com. We will respond within 30 days.
9. Children's Privacy
InbXr is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page. Continued use of InbXr after changes constitutes acceptance of the updated policy.
