Privacy is not a side note for Inboxaly. It is part of the product design itself. This page explains, in plain language, how data is handled, what is not stored, how access works, and what happens when you leave.
Email bodies are processed by AI only and are not read by Inboxaly staff.
AES-256 and TLS 1.3 are used to protect data throughout the workflow.
Templates, rules, logs, and connected service data are deleted within 24 hours.
Encryption at rest
Encryption in transit
Deletion window after cancellation
Advertising tracking cookies used
This page follows the same philosophy as the product itself: keep things transparent, practical, and easy to understand.
The fastest possible summary of how Inboxaly handles privacy and data.
What Inboxaly processes, what it stores, and what it deliberately avoids storing.
Inboxaly is designed not to store email bodies on its servers. Email content is processed in real time so the system can decide what action to take and then complete that action.
Inboxaly stores metadata including sender, subject, timestamp, labels, and actions taken. This supports your dashboard, activity log, and system transparency.
The product is built to keep the operational benefits of logging and visibility without turning full email body storage into part of the platform model.
The controls described for encryption and security review.
Inboxaly uses AES-256 encryption for stored data.
Inboxaly uses TLS 1.3 to protect data moving between systems.
The platform states that it is SOC 2 Type II compliant and undergoes regular third-party security audits.
Privacy and security are presented as part of the core design, not optional add-ons.
How account connection works and why your password is not part of the model.
Inboxaly connects through OAuth 2.0, which means account access is authorized securely through the email provider’s authentication flow. Inboxaly does not see or store your email password.
This design reduces credential exposure while making connection and revocation cleaner and more controllable for users.
Standards and user rights explicitly stated in the policy summary.
Inboxaly states that it is GDPR compliant.
Users can request data export or deletion at any time.
Inboxaly states clearly that user data is never sold to anyone for any reason.
The policy states that no human at Inboxaly accesses user email content.
What happens when you stop using the service.
When you cancel, Inboxaly states that all product-side data is deleted within 24 hours. This includes templates, rules, logs, and connected dashboard-related data.
Your original emails remain in your own inbox untouched.
Deletion applies to Inboxaly-managed platform data. Your underlying email account and its email history remain under your own control.
If you want more clarity on security, storage, access, or compliance before using Inboxaly, we would rather answer those questions directly than leave anything unclear.