Privacy Policy

This Privacy Policy explains how Vumonic Datalabs OÜ ("Inboox.ai," "we," "our," "us") collects, uses, and protects information in connection with the Inboox.ai service (the "Service").

1. Definitions

"Personal Information," "Personal Data," and "Personally Identifiable Information" ("PII") mean any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an identified or identifiable natural person, household, or device, as defined under applicable data protection and privacy laws, including but not limited to the GDPR, UK GDPR, CCPA/CPRA, and similar laws worldwide.

Where multiple legal definitions apply, the term shall be interpreted broadly to include the most protective applicable definition for the individual and the narrowest reasonable interpretation for anonymized or aggregated data, in accordance with applicable law.

2. ABOUT INBOOX.AI

Inboox.ai is a competitive intelligence tool for email marketers. The Service provides a searchable database of real brand emails (promotional, transactional, and marketing emails) to help marketers research competitor email strategies.

Where the Emails Come From

Commercial Email Messages displayed in the Service originate from panelists who have entered into a separate agreement with Vumonic Datalabs OÜ (or its affiliates), granting informed, explicit, and revocable consent for the processing of their commercial email content for anonymized market research and intelligence purposes.

Vumonic Datalabs OÜ acts as the data controller for panel data processing. All processing is subject to purpose limitation, data minimization, and anonymization safeguards in accordance with GDPR Articles 5 and 6.

Anonymization and Residual Data

Inboox.ai is designed to display commercial email content in an anonymized form

using technical and organizational measures intended to remove or mask personal

identifiers prior to display. Before any email is displayed in Inboox.ai:

However, due to the nature of automated processing, data ingestion pipelines, or unforeseen technical circumstances, limited portions of data may be deemed Personal Information under applicable law.

To the extent any data processed or displayed is considered Personal Information, such processing is conducted lawfully in accordance with this Privacy Policy and applicable data protection laws. Inboox.ai does not rely on anonymization alone as a legal basis for processing.

No Reliance on Anonymization Alone

Where data processed or displayed through the Service may be considered Personal Information under applicable law, Inboox.ai does not rely solely on anonymization as a legal basis for processing and instead relies on consent, contractual necessity, legitimate interests, and other lawful bases described in this Policy.

3. INFORMATION WE COLLECT FROM INBOOX.AI USERS

When you create an Inboox.ai account, we collect:

Account Information

Payment Information

Usage Data

Technical Data

4. How We Use Your Information

We use your information to:

Data Minimization

We collect and process only the minimum data necessary to provide and improve the Service.

We do NOT sell your Personal Information to third parties.

Automated Processing and Profiling

Inboox.ai may use automated systems and AI-assisted technologies to classify, analyze, and organize email content for research and intelligence purposes. Third-party providers, where used, act as processors and are restricted from using data for their own purposes.

Inboox.ai does not use automated decision-making or profiling that produces legal or similarly significant effects on users within the meaning of GDPR Article 22.

5. Legal Bases for Processing (gdpr)

For users in the European Economic Area, we process your information under the following legal bases:

| Processing Activity | Legal Basis | |---------------------|-------------| | Providing the Service | Contract performance (Art. 6(1)(b)) | | Processing payments | Contract performance (Art. 6(1)(b)) | | Service communications | Legitimate interests (Art. 6(1)(f)) | | Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) | | Legal compliance | Legal obligation (Art. 6(1)(c)) | | Marketing communications | Consent (Art. 6(1)(a)) |

6. Data Sharing

We share your information only when necessary:

Service Providers and Subprocessors

These providers are bound by contract to protect your data and act as processors or subprocessors on our behalf.

Subprocessor Transparency

A list of subprocessors is available upon request by emailing hello@inboox.ai.

Legal Requirements

Corporate Transactions

We do NOT sell or trade your Personal Information.

7. Your Rights

All Users

Additional Rights for Eea/uk Users (gdpr)

California Users (ccpa)

Global Privacy Control

Inboox.ai honors Global Privacy Control (GPC) signals where required by law. Where applicable, we treat such signals as a valid request to opt out of the sale or sharing of Personal Information.

To exercise any rights, email hello@inboox.ai.

We will respond to all requests within 30 days.

8. Cookies

We use cookies to:

Types of Cookies

Eu Cookie Law Compliance

For users located in the European Economic Area and United Kingdom, non-essential cookies (including analytics and preference cookies) are only placed after obtaining explicit consent via a cookie consent banner. Users may withdraw or modify cookie consent at any time through cookie settings.

You can disable cookies in your browser settings, but some features may not work properly.

9. Data Retention

Your Account Data

Usage Logs

Anonymized Email Database

10. Data Security

We protect your data with:

No system is 100% secure. You are responsible for keeping your login credentials confidential and notifying us of any unauthorized access.

11. International Data Transfers

Vumonic Datalabs OÜ is headquartered in Estonia (European Union). Your data

may be transferred to and processed in:

For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) approved by the European Commission.

12. Employee Access and Operational Processing

In the course of operating, maintaining, securing, and improving the Service, authorized personnel of Inboox.ai may incidentally access limited portions of data that may include Personal Information during activities such as system development, quality assurance, debugging, troubleshooting, customer support, security investigations, and compliance reviews.

Such access is strictly limited to personnel with a legitimate business need and is conducted solely for operational purposes. All personnel are subject to confidentiality obligations, data-protection training, and internal access controls designed to minimize exposure and prevent unauthorized use or disclosure.

Employee access to data does not constitute disclosure to third parties. Any Personal Information incidentally accessed is processed in accordance with this Privacy Policy, applicable data protection laws, and internal security policies, and is not used for purposes unrelated to the operation, maintenance, or protection of the Service.

Where Personal Information is identified outside its intended anonymized or restricted context, Inboox.ai will take commercially reasonable steps to restrict access, remediate, or delete such data and to comply with any applicable legal obligations.

Isolated or incidental access to data by authorized personnel, when performed in good faith and in accordance with internal policies, shall not constitute a breach of this Privacy Policy or applicable law.

13. Accidental Disclosure and Remediation

The Service is designed to display only anonymized or non-personal commercial email content. However, due to the complexity of automated processing systems, AI-assisted classification, data ingestion pipelines, or unforeseen technical issues, limited portions of data that may include Personal Information may occasionally become visible through the Service unintentionally.

Inboox.ai does not intentionally disclose Personal Information through the Service. Any such visibility is incidental, temporary, and not indicative of the intended design or operation of the Service. Inboox.ai does not rely on the absence of such incidents as a legal representation or guarantee.

To the extent that Personal Information becomes visible through the Service, such data is processed on a lawful basis in accordance with this Privacy Policy and applicable data protection laws, including legitimate interests in operating, securing, improving, and correcting the Service.

Upon becoming aware of unintended visibility of Personal Information, Inboox.ai will take commercially reasonable steps to investigate, restrict access to, remove, remediate, or correct the affected data and to comply with any notification or remediation obligations required by applicable law.

The existence of isolated or inadvertent visibility of Personal Information, when promptly addressed using appropriate safeguards, shall not by itself constitute a breach of this Privacy Policy or an unlawful disclosure under applicable data protection laws.

Users acknowledge that complex data-processing services may experience isolated errors despite reasonable safeguards, and such errors do not alter the lawful nature of the Service when appropriately remediated.

14. Children

Inboox.ai is a business service not intended for individuals under 18. We do not knowingly collect information from children. If we learn we have collected information from a child, we will delete it promptly.

15. Corporate Transactions and Change of Control

Change of Control & Assignment

In the event that Inboox.ai or Vumonic Datalabs OÜ is involved in a merger, acquisition, reorganization, sale of substantially all assets, bankruptcy, or other change of control transaction ("Corporate Transaction"), we may transfer or assign this Agreement, the Service, and all associated assets, including intellectual property, user accounts, and data, to the successor entity without restriction.

Such transfer shall not require additional user consent, provided that the successor entity agrees to honor materially equivalent privacy and data protection obligations as described in this Policy.

Intellectual Property Transfer

All rights, title, and interest in and to the Service, including but not limited to software, source code, models, databases, compilations, anonymized datasets, derived works, analytics outputs, trademarks, trade names, and documentation (collectively, "Inboox IP") are owned exclusively by Vumonic Datalabs OÜ.

In connection with any Corporate Transaction, all Inboox IP may be transferred, assigned, or licensed to the acquiring entity without limitation, restriction, or obligation to users.

Data Transfer & Continuity of Processing

In connection with a Corporate Transaction, Personal Information, usage data, anonymized datasets, and panel-derived commercial email data may be transferred to, acquired by, or processed by a successor entity as part of the transaction.

Such transfer is based on legitimate interests in business continuity, corporate restructuring, and asset valuation, and is permitted under applicable data protection laws, including GDPR Article 6(1)(f) and Recital 48.

Panel & Dataset Survivability

All anonymized datasets, market intelligence outputs, and panel-derived commercial email content incorporated into the Service are non-personal data and may be retained, transferred, sublicensed, commercialized, or otherwise exploited by the acquiring entity following a Corporate Transaction without restriction.

User Account & Subscription Continuity

User accounts, subscriptions, and associated entitlements may be transferred to the successor entity in a Corporate Transaction. Users will continue to receive access to the Service under materially similar terms unless otherwise notified.

Privacy Policy Survival & Notice

In the event of a Corporate Transaction, the successor entity will either: (a) continue to process Personal Information in accordance with this Privacy Policy; or (b) provide notice of material changes and, where required by law, obtain additional consent.

Use of the Service following such notice constitutes acceptance of the updated policy, except where prohibited by law.

Cross-border Transfer Post-acquisition

Following a Corporate Transaction, Personal Information may be transferred to jurisdictions in which the acquiring entity operates, subject to appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms required by applicable law.

No Consent Required

Users acknowledge and agree that no additional consent is required for the transfer of the Service, IP, or data as part of a Corporate Transaction, except where explicitly mandated by applicable law.

16. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via email or banner on the site at least 30 days before taking effect. Continued use after changes take effect constitutes acceptance.

17. Data Protection Contact

Vumonic Datalabs OÜ has designated a team member responsible for overseeing data protection compliance and responding to privacy inquiries. For data protection matters, contact: hello@inboox.ai

18. Contact

Data Controller

Vumonic Datalabs OÜ Harju maakond, Tallinn, Estonia Registration: 14588215

Email: hello@inboox.ai Website: inboox.ai Privacy Policy: inboox.ai/privacy Terms of Service: inboox.ai/terms

© Vumonic Datalabs OÜ 2026. All Rights Reserved.