Privacy Policy

Last updated: February 2026

1. Introduction

Welcome to MyInboxer ("we", "our", "us"). We are based in Québec, Canada, and we respect your privacy. We are committed to protecting your personal data in compliance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and Québec's Act respecting the protection of personal information in the private sector.

2. Information We Collect

We collect the following categories of information:

  • Account Information: When you register, we collect your name, email address, and authentication credentials. This is necessary to create and maintain your account and process your subscription payments.
  • Email Metadata: With your explicit authorization via OAuth, we access metadata from your spam folder (e.g., sender, recipient, subject, date, message‑ID) to identify potentially legitimate emails. We do not permanently store the full body content of your emails. However, to perform AI‑based classification (using third‑party AI models such as Mistral, OpenAI, and Gemini), we may temporarily process email content in memory; this content is not retained after analysis.
  • Usage Data: We automatically collect information about how you interact with the service, such as features used, actions taken (e.g., marking an email as legitimate), and preferences.
  • Device & Connection Information: We may collect your IP address, browser type, operating system, and device identifiers to ensure security, troubleshoot issues, and analyze aggregate usage.
  • Payment Information: When you subscribe to our monthly plan, payment processing is handled securely by Stripe. We do not store your full payment card details on our servers.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our email rescue service, including identifying and moving legitimate emails out of your spam folder.
  • To process your monthly subscription payments and manage your account.
  • To train and enhance our AI classification models. For this purpose, we may use anonymized or aggregated email metadata and user feedback. We do not use the content of your emails to train models without additional consent.
  • To send you service notifications, such as alerts about rescued emails or important updates about your subscription.
  • To communicate with you about your account, respond to support requests, and inform you about changes to our terms or policies.
  • To monitor and ensure the security of our platform, detect fraud, and prevent abuse.
  • To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal information to third parties.

4. Third‑Party Subprocessors

To provide the Service, we engage trusted third‑party subprocessors who may process your data. All subprocessors are contractually bound to comply with applicable privacy laws and to use your data only for the purposes of providing services to us. Current subprocessors include:

  • Vercel: Hosting and deployment platform.
  • Railway: Cloud infrastructure and backend services.
  • Upstash: Redis database for caching and queue management.
  • Resend: Email delivery and notifications.
  • Stripe: Payment processing for subscriptions.
  • Supabase: Database and authentication services.
  • Google: Social authentication (sign‑in with Google) and, as a subprocessor, may process your basic profile information when you choose this login method.
  • Microsoft: Social authentication (sign‑in with Microsoft) and, as a subprocessor, may process your basic profile information when you choose this login method.
  • Mistral AI: AI model provider for email classification.
  • OpenAI: AI model provider for email classification.
  • Google (Gemini): AI model provider for email classification.

We may update this list from time to time. For the most current list, please contact us.

5. Data Retention

We retain your personal data only as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law.

  • Account information: Retained until you delete your account. You may request deletion at any time.
  • Email metadata: We store metadata for a maximum of 30 days. After this period, it is automatically and permanently deleted from our systems.
  • Usage logs: Aggregated, non‑identifiable logs may be retained longer for analytics and service improvement, but individual identifiers are removed after 30 days.

When we no longer need your data, we securely delete or anonymize it.

6. Data Security

We implement industry‑standard technical and organizational measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These include:

  • Encryption in transit (TLS 1.3) and at rest (AES‑256).
  • Strict access controls and authentication for all systems.
  • Regular security assessments and penetration testing.
  • Use of OAuth 2.0 for email provider connections, ensuring we never see or store your email password.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information. We may share information in the following limited circumstances:

  • Service Providers (Subprocessors): With trusted third parties listed in Section 4 who assist us in operating our platform. These parties are bound by data processing agreements and are prohibited from using your data for any other purpose.
  • Legal Compliance: When required by law, regulation, or legal process (e.g., subpoena), or to protect the rights, property, or safety of MyInboxer, our users, or others.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and choices you may have.
  • With Your Consent: We may share information for any other purpose disclosed to you and with your explicit consent.

8. International Data Transfers

MyInboxer is based in Québec, Canada. Your information may be transferred to, stored, and processed in countries other than your own, including the United States (where some of our subprocessers are located). When we transfer data outside Canada, we ensure that such transfers comply with applicable data protection laws and that adequate safeguards are in place (e.g., standard contractual clauses, or verification that the recipient country offers adequate protection).

9. Your Rights and Choices

Under Canadian and Québec privacy laws, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to certain legal exceptions (e.g., for legal compliance).
  • Restriction: Request that we restrict processing of your data in certain circumstances.
  • Data Portability: Request a structured, commonly used format of your data.
  • Objection: Object to processing based on legitimate interests or direct marketing.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, please contact us at hello@myinboxer.com. We will respond within 30 days, as required by Québec law. You also have the right to lodge a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.

10. Children's Privacy

MyInboxer is not intended for individuals under the age of 14 (the age of majority in Québec for consent to online services). We do not knowingly collect personal information from children under 14. If we become aware that we have inadvertently collected such data, we will take steps to delete it promptly.

11. Changes to This Privacy Policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. We will notify you of material changes by email or through a prominent notice on our website. Your continued use of the service after the effective date constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact our Privacy Officer at:

Email: hello@myinboxer.com