Privacy Policy

This Privacy Policy explains how Vumonic Datalabs OÜ ("Inboox.ai," "we," "our," 

"us") collects, uses, and protects information in connection with the Inboox.ai 

service (the "Service").

‍

1. DEFINITIONS

‍

"Personal Information," "Personal Data," and "Personally Identifiable 

Information" ("PII") mean any information that identifies, relates to, describes, 

is reasonably capable of being associated with, or could reasonably be linked, 

directly or indirectly, to an identified or identifiable natural person, 

household, or device, as defined under applicable data protection and privacy 

laws, including but not limited to the GDPR, UK GDPR, CCPA/CPRA, and similar 

laws worldwide.

‍

Where multiple legal definitions apply, the term shall be interpreted broadly 

to include the most protective applicable definition for the individual and the 

narrowest reasonable interpretation for anonymized or aggregated data, in 

accordance with applicable law.

‍

2. ABOUT INBOOX.AI

‍

Inboox.ai is a competitive intelligence tool for email marketers. The Service 

provides a searchable database of real brand emails (promotional, transactional, 

and marketing emails) to help marketers research competitor email strategies.

‍

WHERE THE EMAILS COME FROM:

Commercial Email Messages displayed in the Service originate from panelists who 

have entered into a separate agreement with Vumonic Datalabs OÜ (or its 

affiliates), granting informed, explicit, and revocable consent for the 

processing of their commercial email content for anonymized market research and 

intelligence purposes.

‍

Vumonic Datalabs OÜ acts as the data controller for panel data processing. All 

processing is subject to purpose limitation, data minimization, and anonymization 

safeguards in accordance with GDPR Articles 5 and 6.

‍

ANONYMIZATION AND RESIDUAL DATA:

Inboox.ai is designed to display commercial email content in an anonymized form 

using technical and organizational measures intended to remove or mask personal 

identifiers prior to display. Before any email is displayed in Inboox.ai:

• Personal information is removed (recipient names, addresses, account numbers)

• Geographic identifiers are stripped

• Order IDs and tracking numbers are masked

‍

However, due to the nature of automated processing, data ingestion pipelines, or 

unforeseen technical circumstances, limited portions of data may be deemed 

Personal Information under applicable law.

‍

To the extent any data processed or displayed is considered Personal Information, 

such processing is conducted lawfully in accordance with this Privacy Policy and 

applicable data protection laws. Inboox.ai does not rely on anonymization alone 

as a legal basis for processing.

‍

NO RELIANCE ON ANONYMIZATION ALONE:

Where data processed or displayed through the Service may be considered Personal 

Information under applicable law, Inboox.ai does not rely solely on anonymization 

as a legal basis for processing and instead relies on consent, contractual 

necessity, legitimate interests, and other lawful bases described in this Policy.

‍

3. INFORMATION WE COLLECT FROM INBOOX.AI USERS

‍

When you create an Inboox.ai account, we collect:

‍

ACCOUNT INFORMATION:

• Name and email address

• Company name (optional)

• Password (stored encrypted)

‍

PAYMENT INFORMATION:

• Processed securely through third-party payment processors (e.g., Stripe)

• We do not store credit card numbers on our servers

‍

USAGE DATA:

• Searches, filters, and saved favorites

• Features used and interaction patterns

• Session duration and frequency

‍

TECHNICAL DATA:

• IP address, browser type, device information

• Cookies and similar technologies

‍

4. HOW WE USE YOUR INFORMATION

‍

We use your information to:

• Provide and maintain your Inboox.ai account

• Process payments and manage subscriptions

• Improve our search tools and AI recommendations

• Send service communications (product updates, feature changes, billing)

• Prevent fraud, spam, and security issues

• Analyze usage patterns to improve the Service

• Comply with legal obligations

‍

DATA MINIMIZATION:

We collect and process only the minimum data necessary to provide and improve 

the Service.

‍

We do NOT sell your Personal Information to third parties.

‍

AUTOMATED PROCESSING AND PROFILING:

Inboox.ai may use automated systems and AI-assisted technologies to classify, 

analyze, and organize email content for research and intelligence purposes. 

Third-party providers, where used, act as processors and are restricted from 

using data for their own purposes.

‍

Inboox.ai does not use automated decision-making or profiling that produces 

legal or similarly significant effects on users within the meaning of GDPR 

Article 22.

‍

5. LEGAL BASES FOR PROCESSING (GDPR)

‍

For users in the European Economic Area, we process your information under 

the following legal bases:

‍

| Processing Activity | Legal Basis |

|---------------------|-------------|

| Providing the Service | Contract performance (Art. 6(1)(b)) |

| Processing payments | Contract performance (Art. 6(1)(b)) |

| Service communications | Legitimate interests (Art. 6(1)(f)) |

| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) |

| Legal compliance | Legal obligation (Art. 6(1)(c)) |

| Marketing communications | Consent (Art. 6(1)(a)) |

‍

6. DATA SHARING

‍

We share your information only when necessary:

‍

SERVICE PROVIDERS AND SUBPROCESSORS:

• Payment processors (Stripe)

• Cloud hosting providers (AWS, Google Cloud)

• Analytics services (for usage analysis)

• Customer support tools

• AI and machine learning service providers (where used for content classification)

‍

These providers are bound by contract to protect your data and act as processors 

or subprocessors on our behalf.

‍

SUBPROCESSOR TRANSPARENCY:

A list of subprocessors is available upon request by emailing hello@inboox.ai.

‍

LEGAL REQUIREMENTS:

• To comply with applicable law or valid legal process

• To respond to government requests

• To protect our rights, safety, or property

‍

CORPORATE TRANSACTIONS:

• In connection with a merger, acquisition, or sale of assets

• We will notify you of any change in ownership

‍

We do NOT sell or trade your Personal Information.

‍

7. YOUR RIGHTS

‍

ALL USERS:

• ACCESS: Request a copy of your account data

• DELETE: Request deletion of your account and Personal Information

• UPDATE: Correct inaccurate information in your account settings

• OPT OUT: Unsubscribe from marketing emails at any time

‍

ADDITIONAL RIGHTS FOR EEA/UK USERS (GDPR):

• DATA PORTABILITY: Receive your data in a machine-readable format

• RESTRICTION: Request restriction of processing in certain circumstances

• OBJECTION: Object to processing based on legitimate interests

• WITHDRAW CONSENT: Withdraw consent for marketing at any time

• LODGE COMPLAINT: File a complaint with your local data protection authority

‍

CALIFORNIA USERS (CCPA):

• RIGHT TO KNOW: What Personal Information we collect and disclose

• RIGHT TO DELETE: Request deletion of your Personal Information

• RIGHT TO OPT OUT: We do not sell Personal Information

• NON-DISCRIMINATION: We will not discriminate against you for exercising rights

‍

GLOBAL PRIVACY CONTROL:

Inboox.ai honors Global Privacy Control (GPC) signals where required by law. 

Where applicable, we treat such signals as a valid request to opt out of the 

sale or sharing of Personal Information.

‍

To exercise any rights, email hello@inboox.ai.

‍

We will respond to all requests within 30 days.

‍

8. COOKIES

‍

We use cookies to:

• Remember your login and preferences

• Analyze how you use the Service

• Improve your experience

‍

TYPES OF COOKIES:

• Essential: Required for the Service to function

• Analytics: Help us understand usage patterns

• Preferences: Remember your settings

‍

EU COOKIE LAW COMPLIANCE:

For users located in the European Economic Area and United Kingdom, non-essential 

cookies (including analytics and preference cookies) are only placed after 

obtaining explicit consent via a cookie consent banner. Users may withdraw or 

modify cookie consent at any time through cookie settings.

‍

You can disable cookies in your browser settings, but some features may 

not work properly.

‍

9. DATA RETENTION

‍

YOUR ACCOUNT DATA:

• Retained while your account is active

• Deleted within 30 days of account deletion request

• Payment records retained as required by law (up to 7 years)

‍

USAGE LOGS:

• Retained up to 2 years, then deleted or anonymized

‍

ANONYMIZED EMAIL DATABASE:

• The brand emails in our database are processed to remove personal identifiers 

  and are retained indefinitely

• These emails are designed to contain no Personal Information, though no 

  anonymization method can guarantee zero risk in all circumstances

‍

10. DATA SECURITY

‍

We protect your data with:

• Encryption in transit (TLS 1.2+) and at rest (AES-256)

• Secure authentication and access controls

• Regular security assessments and penetration testing

• Firewalls and intrusion detection systems

• Employee access limitations and training

‍

No system is 100% secure. You are responsible for keeping your login 

credentials confidential and notifying us of any unauthorized access.

‍

11. INTERNATIONAL DATA TRANSFERS

‍

Vumonic Datalabs OÜ is headquartered in Estonia (European Union). Your data 

may be transferred to and processed in:

• Estonia (EU)

• United States (cloud infrastructure)

‍

For transfers outside the EEA, we use Standard Contractual Clauses (SCCs) 

approved by the European Commission.

‍

12. EMPLOYEE ACCESS AND OPERATIONAL PROCESSING

‍

In the course of operating, maintaining, securing, and improving the Service, 

authorized personnel of Inboox.ai may incidentally access limited portions of 

data that may include Personal Information during activities such as system 

development, quality assurance, debugging, troubleshooting, customer support, 

security investigations, and compliance reviews.

‍

Such access is strictly limited to personnel with a legitimate business need 

and is conducted solely for operational purposes. All personnel are subject to 

confidentiality obligations, data-protection training, and internal access 

controls designed to minimize exposure and prevent unauthorized use or disclosure.

‍

Employee access to data does not constitute disclosure to third parties. Any 

Personal Information incidentally accessed is processed in accordance with this 

Privacy Policy, applicable data protection laws, and internal security policies, 

and is not used for purposes unrelated to the operation, maintenance, or 

protection of the Service.

‍

Where Personal Information is identified outside its intended anonymized or 

restricted context, Inboox.ai will take commercially reasonable steps to restrict 

access, remediate, or delete such data and to comply with any applicable legal 

obligations.

‍

Isolated or incidental access to data by authorized personnel, when performed in 

good faith and in accordance with internal policies, shall not constitute a 

breach of this Privacy Policy or applicable law.

‍

13. ACCIDENTAL DISCLOSURE AND REMEDIATION

‍

The Service is designed to display only anonymized or non-personal commercial 

email content. However, due to the complexity of automated processing systems, 

AI-assisted classification, data ingestion pipelines, or unforeseen technical 

issues, limited portions of data that may include Personal Information may 

occasionally become visible through the Service unintentionally.

‍

Inboox.ai does not intentionally disclose Personal Information through the 

Service. Any such visibility is incidental, temporary, and not indicative of 

the intended design or operation of the Service. Inboox.ai does not rely on the 

absence of such incidents as a legal representation or guarantee.

‍

To the extent that Personal Information becomes visible through the Service, such 

data is processed on a lawful basis in accordance with this Privacy Policy and 

applicable data protection laws, including legitimate interests in operating, 

securing, improving, and correcting the Service.

‍

Upon becoming aware of unintended visibility of Personal Information, Inboox.ai 

will take commercially reasonable steps to investigate, restrict access to, remove, 

remediate, or correct the affected data and to comply with any notification or 

remediation obligations required by applicable law.

‍

The existence of isolated or inadvertent visibility of Personal Information, when 

promptly addressed using appropriate safeguards, shall not by itself constitute a 

breach of this Privacy Policy or an unlawful disclosure under applicable data 

protection laws.

‍

Users acknowledge that complex data-processing services may experience isolated 

errors despite reasonable safeguards, and such errors do not alter the lawful 

nature of the Service when appropriately remediated.

‍

14. CHILDREN

‍

Inboox.ai is a business service not intended for individuals under 18. We do 

not knowingly collect information from children. If we learn we have collected 

information from a child, we will delete it promptly.

‍

15. CORPORATE TRANSACTIONS AND CHANGE OF CONTROL

‍

CHANGE OF CONTROL & ASSIGNMENT:

In the event that Inboox.ai or Vumonic Datalabs OÜ is involved in a merger, 

acquisition, reorganization, sale of substantially all assets, bankruptcy, or 

other change of control transaction ("Corporate Transaction"), we may transfer 

or assign this Agreement, the Service, and all associated assets, including 

intellectual property, user accounts, and data, to the successor entity without 

restriction.

‍

Such transfer shall not require additional user consent, provided that the 

successor entity agrees to honor materially equivalent privacy and data 

protection obligations as described in this Policy.

‍

INTELLECTUAL PROPERTY TRANSFER:

All rights, title, and interest in and to the Service, including but not limited 

to software, source code, models, databases, compilations, anonymized datasets, 

derived works, analytics outputs, trademarks, trade names, and documentation 

(collectively, "Inboox IP") are owned exclusively by Vumonic Datalabs OÜ.

‍

In connection with any Corporate Transaction, all Inboox IP may be transferred, 

assigned, or licensed to the acquiring entity without limitation, restriction, 

or obligation to users.

‍

DATA TRANSFER & CONTINUITY OF PROCESSING:

In connection with a Corporate Transaction, Personal Information, usage data, 

anonymized datasets, and panel-derived commercial email data may be transferred 

to, acquired by, or processed by a successor entity as part of the transaction.

‍

Such transfer is based on legitimate interests in business continuity, corporate 

restructuring, and asset valuation, and is permitted under applicable data 

protection laws, including GDPR Article 6(1)(f) and Recital 48.

‍

PANEL & DATASET SURVIVABILITY:

All anonymized datasets, market intelligence outputs, and panel-derived 

commercial email content incorporated into the Service are non-personal data 

and may be retained, transferred, sublicensed, commercialized, or otherwise 

exploited by the acquiring entity following a Corporate Transaction without 

restriction.

‍

USER ACCOUNT & SUBSCRIPTION CONTINUITY:

User accounts, subscriptions, and associated entitlements may be transferred to 

the successor entity in a Corporate Transaction. Users will continue to receive 

access to the Service under materially similar terms unless otherwise notified.

‍

PRIVACY POLICY SURVIVAL & NOTICE:

In the event of a Corporate Transaction, the successor entity will either:

(a) continue to process Personal Information in accordance with this Privacy 

Policy; or

(b) provide notice of material changes and, where required by law, obtain 

additional consent.

‍

Use of the Service following such notice constitutes acceptance of the updated 

policy, except where prohibited by law.

‍

CROSS-BORDER TRANSFER POST-ACQUISITION:

Following a Corporate Transaction, Personal Information may be transferred to 

jurisdictions in which the acquiring entity operates, subject to appropriate 

safeguards such as Standard Contractual Clauses or equivalent mechanisms 

required by applicable law.

‍

NO CONSENT REQUIRED:

Users acknowledge and agree that no additional consent is required for the 

transfer of the Service, IP, or data as part of a Corporate Transaction, except 

where explicitly mandated by applicable law.

‍

16. CHANGES TO THIS POLICY

‍

We may update this policy from time to time. Material changes will be 

communicated via email or banner on the site at least 30 days before 

taking effect. Continued use after changes take effect constitutes acceptance.

‍

17. DATA PROTECTION CONTACT

‍

Vumonic Datalabs OÜ has designated a team member responsible for overseeing 

data protection compliance and responding to privacy inquiries. For data 

protection matters, contact: hello@inboox.ai

‍

18. CONTACT

‍

DATA CONTROLLER:

Vumonic Datalabs OÜ

Harju maakond, Tallinn, Estonia

Registration: 14588215

‍

Email: hello@inboox.ai

Website: inboox.ai

Privacy Policy: inboox.ai/privacy

Terms of Service: inboox.ai/terms

‍

‍

© Vumonic Datalabs OÜ 2026. All Rights Reserved.

‍