INBOXTONIC ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and website (collectively, the "Service").
Please read this Privacy Policy carefully. By using INBOXTONIC, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.
1. Information We Collect
1.1 Information You Provide
Account Information:
Email address (collected via Google OAuth)
Name and profile picture (from your Google account)
Subscription and billing information (if you upgrade to a paid plan)
User-Generated Content:
Email instructions you provide to generate replies
Context you add to customize email generation
Tone and model preferences you select
Writing Style Data:
Sample emails you provide for personalization (optional)
Writing patterns detected from your email usage (with your permission)
1.2 Information Collected Automatically
Usage Information:
Number of email generations used
Features accessed within the extension
Tone and model selections
Time and date of usage
Browser type and version
Technical Information:
Chrome extension ID
IP address (for security and fraud prevention)
Device information (operating system, browser version)
Error logs and crash reports
1.3 Information We Do NOT Collect
We want to be crystal clear about what we DO NOT collect:
Email Content Storage:
We do NOT store or permanently retain email content
We do NOT store or permanently retain your email contacts
We do NOT keep email history or message archives or the responses generated by the AI
Authentication Information:
We do NOT collect Gmail credentials - we use Google OAuth and never see your password
We do NOT store any passwords, PINs, or security questions
Other Data:
We do NOT collect health information, financial data, or location data beyond IP addresses for analytics
We do NOT access your web browsing history or other personal data
1.4 Email Content Access Clarification
While we do not store or permanently retain email content, we do temporarily access email data when you use the reply generation feature:
When you click "Generate Reply":
We read the current email thread context (subject, sender, message content) from Gmail
This data is processed in real-time (see Section 3.1 Real-Time Processing)
We automatically scrub and remove personally identifiable information (PII) from email content before processing
This includes names, addresses, phone numbers, email addresses, signature blocks, and other sensitive personal data
The cleaned, anonymized content is sent to our AI service to generate your reply
All data is immediately discarded after reply generation
No email content is ever stored in our databases or retained for any other purpose
Key Distinction:
Access/Collect: Yes, temporarily when you use the feature (covered in Section 2.1 To Provide the Service)
Store/Retain: No, email content is never saved, logged, or kept permanently
Your Control:
Email access only occurs when you explicitly click the "Generate Reply" button
You can revoke Gmail permissions anytime through your Google account settings
The extension only works on Gmail pages and requires your active permission
2. How We Use Your Information
We use the information we collect for the following purposes:
2.1 To Provide the Service
Generate AI email responses based on your instructions and context
Personalize your experience by learning your writing style (opt-in only)
Authenticate your account using Google OAuth
Track your usage to enforce plan limits (20/200/500 generations per month)
Process payments for Plus and Pro subscriptions
2.2 To Improve the Service
Analyze usage patterns to improve AI models and features
Monitor performance and fix bugs
Develop new features based on aggregate user behavior
Conduct A/B testing to optimize user experience
2.3 To Communicate With You
Send service updates and important notices
Provide customer support when you contact us
Send billing notifications and receipts
Request feedback to improve our Service (optional)
2.4 For Security and Compliance
Prevent fraud and abuse of the Service
Enforce our Terms of Service
Comply with legal obligations
Protect our rights and property
3. How We Process Email Generation
3.1 Real-Time Processing
When you use INBOXTONIC to generate an email:
1.You provide instructions (e.g., "Decline meeting politely, suggest next week")
2.We send your instructions to our AI service provider (e.g., OpenAI, Anthropic, Google)
3.AI generates a response based on your instructions and selected tone
4.We return the response to you in the extension
5.We delete the data immediately - Neither your instructions nor the generated email are permanently stored
Retention Period: AI-generated content is processed in real-time and immediately discarded after delivery to you.
3.2 Writing Style Learning (Optional)
If you enable "Personalization" or "Writing Style Learning":
We analyze the emails that you've previously sent to identify your writing patterns
We store anonymized writing patterns (sentence structure, common phrases, tone preferences)
We do NOT store the actual email content
You can disable this feature and delete your writing profile at any time
4. Data Sharing and Disclosure
4.1 Third-Party Service Providers
We share your information with trusted third-party service providers who help us operate the Service:
AI Service Providers:
OpenAI (GPT models)
Anthropic (Claude models)
Google (Gemini models)
xAI (Grok models)
DeepSeek (DeepSeek models)
Purpose: To generate AI email responses
Data Shared: Your email instructions, selected tone, and the relevant email context (temporarily, for processing only)
Retention: These providers process data in real-time and do not store it permanently
Payment Processing:
Stripe (for billing and subscription management)
Purpose: To process payments for Plus and Pro subscriptions
Data Shared: Email address, payment method, billing information
Privacy Policy: https://stripe.com/privacy
Analytics and Monitoring:
Google Analytics (aggregate usage analytics)
Sentry (error tracking and crash reporting)
Purpose: To understand how users interact with the Service and fix bugs
Data Shared: Anonymized usage data, error logs (no personal identifiable information)
Email Communications:
SendGrid (transactional emails)
Purpose: To send welcome emails, billing notifications, and support responses
Data Shared: Email address, name
4.2 Legal Requirements
We may disclose your information if required to do so by law or in response to:
Court orders or legal processes
Requests from government authorities
Protection of our rights, property, or safety
Prevention of fraud or illegal activities
4.3 Business Transfers
If INBOXTONIC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.
4.4 What We Do NOT Do
We will NEVER:
Sell your personal information to third parties
Share your email content with anyone
Use your data for advertising purposes
Share your data with data brokers
5. Data Security
We implement industry-standard security measures to protect your information:
5.1 Technical Safeguards
Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.3.
Encryption at rest: Sensitive data stored in our databases is encrypted using AES-256.
Secure authentication: We use Google OAuth 2.0 for authentication (we never see your password).
Access controls: Only authorized personnel have access to user data on a need-to-know basis.
5.2 Organizational Safeguards
Regular security audits: To identify and fix vulnerabilities.
Employee training: On data protection and privacy best practices.
Incident response plan: To quickly address any security breaches.
Data minimization: We only collect data necessary to provide the Service.
5.3 Limitations
While we take reasonable measures to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
6.1 Active Accounts
Account information: Retained for as long as your account is active.
Usage data: Retained for 12 months for analytics purposes.
Writing style data: Retained until you delete it or close your account.
Email generation data:NOT retained - deleted immediately after processing.
6.2 Closed Accounts
When you delete your account:
Your account information is deleted within 30 days
Your usage data is anonymized and may be retained for up to 12 months for analytics
Your writing style data is permanently deleted
Your payment information is deleted from our systems (Stripe retains it per their retention policy)
6.3 Legal Retention
We may retain certain information if required by law or for legitimate business purposes (e.g., resolving disputes, enforcing agreements, preventing fraud).
7. Your Privacy Rights
7.1 Access and Portability
You have the right to:
Access your personal information: Request a copy of the data we hold about you.
Download your data: Export your account information and preferences in a machine-readable format.
How to exercise: Email us at privacy@inboxtonic.com
7.2 Correction and Deletion
You have the right to:
Correct inaccurate information: Update your email address or profile information.
Delete your account: Permanently remove your account and associated data.
How to exercise:
Update information in your account settings
Delete your account: Settings → Account → Delete Account
Or email us at privacy@inboxtonic.com
7.3 Opt-Out Rights
You have the right to:
Opt out of marketing emails: Unsubscribe from promotional emails (you will still receive transactional emails).
Disable writing style learning: Turn off personalization features in Settings.
Opt out of analytics: Use browser plugins like uBlock Origin or Privacy Badger.
7.4 Rights for EU/UK Users (GDPR)
If you are located in the European Union or United Kingdom, you have additional rights:
Right to object: To processing of your personal data.
Right to restriction: Of processing in certain circumstances.
Right to lodge a complaint: With your local data protection authority.
Legal Basis for Processing:
Performance of contract (to provide the Service).
Legitimate interests (to improve the Service, prevent fraud).
Consent (for optional features like writing style learning).
7.5 Rights for California Users (CCPA)
If you are a California resident, you have the right to:
Know what personal information we collect, use, and disclose.
Delete your personal information (with certain exceptions).
Opt-out of the sale of your personal information (note: we do not sell personal information).
Non-discrimination for exercising your privacy rights.
How to exercise: Email us at privacy@inboxtonic.com with "CCPA Request" in the subject line.
8. Children's Privacy
INBOXTONIC is not intended for use by anyone under the age of 13 (or 16 in the EU). We do not knowingly collect personal information from children.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@inboxtonic.com. We will delete such information from our systems within 30 days.
9. International Data Transfers
INBOXTONIC is based in UAE, and your information may be processed in UAE or other countries where our service providers operate.
If you are located in the European Union, United Kingdom, or other jurisdictions with data protection laws, please note that we transfer your personal information to countries that may not provide the same level of data protection as your home country.
We rely on the following mechanisms for international transfers:
Standard Contractual Clauses: EU-approved data transfer agreements.
Adequacy decisions: By the European Commission (where applicable).
Your consent: For transfers necessary to provide the Service.
10. Third-Party Links
Our Service may contain links to third-party websites, plugins, or services that are not operated by us (e.g., Stripe payment pages, AI provider websites).
We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.
Examples of third-party services:
Google OAuth (for authentication).
Stripe (for payment processing).
AI service providers (for email generation).
11. Do Not Track Signals
Some browsers transmit "Do Not Track" (DNT) signals. Currently, there is no industry standard for responding to DNT signals, and INBOXTONIC does not respond to DNT signals.
You can control tracking through browser settings and privacy-focused browser extensions.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
We will notify you of material changes by:
Posting the updated Privacy Policy on our website with a new "Last Updated" date.
Sending an email notification to your registered email address.
Displaying a prominent notice in the extension.
Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.
We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@inboxtonic.com
Website: https://inboxtonic.com/contact
Mailing Address:
eConsult Networks LLC dba INBOXTONIC
Shams Business Center, Sharjah Media City Free Zone,
Al Messaned, Sharjah, UAE
Response Time: We will respond to your inquiry within 30 days (or as required by applicable law).
14. Data Protection Officer
For users in the European Union or United Kingdom, you can contact our Data Protection Officer (DPO) at:
Email: dpo@inboxtonic.com
15. Specific Disclosures
15.1 Google API Services User Data Policy
INBOXTONIC's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
What this means:
We only use Google user data (email, profile) for authentication and personalization purposes.
We do not use Google user data for serving ads.
We do not transfer Google user data to third parties (except as necessary to provide the Service).
Health, financial, or location data (beyond IP for analytics).
Web browsing history.
How we use your data:
To generate AI email responses (PII scrubbed, deleted immediately after processing).
To personalize your experience (optional).
To improve the Service.
Your rights:
Access your data.
Delete your account.
Opt out of optional features.
Contact us with questions.
We NEVER:
Sell your data.
Share your email content.
Use your data for advertising.
Store email content permanently.
By using INBOXTONIC, you acknowledge that you have read, understood, and agree to this Privacy Policy.
If you do not agree with this Privacy Policy, please do not use our Service.
This Privacy Policy is effective as of November 24, 2025 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.