Last updated: February 19, 2026

Privacy Policy

1. Who we are

InboxProcess is operated by Stratalytic, registered in the Netherlands. We provide email automation services that process inbound emails and route data to third-party integrations on your behalf.

2. Data we collect

  • Account data — email address and hashed password when you sign up.
  • Email content — subject, sender, body, and attachments of emails you forward to your InboxProcess address. Processed in real-time and not stored after processing completes.
  • OAuth tokens — encrypted access and refresh tokens for Google, Slack, Notion, and other connected services. Used solely to perform actions you configured (create calendar events, append spreadsheet rows, post messages, create tasks).
  • Execution logs — sender address, subject line, processing status, and duration. Retained for 90 days for debugging and activity history.
  • Usage metrics — monthly email count per account for billing purposes.

3. How we use your data

Your data is used exclusively to provide the service you configured:

  • Parse email content and attachments to extract structured data.
  • Send extracted data to your connected integrations (Google Calendar, Google Sheets, Slack, Notion).
  • AI processing (via Anthropic Claude) to extract structured information from email text. Email content is sent to the AI model in real-time and is not stored by us or Anthropic after processing.
  • Send transactional emails (confirmation, password reset).

We do not sell, share, or use your data for advertising, training AI models, or any purpose other than delivering the service.

4. Third-party services

  • Supabase — database and authentication (EU region).
  • Vercel — application hosting.
  • Cloudflare — email routing and DNS.
  • Anthropic — AI processing for Smart Booking, Receipt Tracker, Order Tracker, Email to Slack, and Email to Tasks pipelines.
  • Stripe — payment processing. We never see or store your credit card details.
  • Resend — transactional email delivery.

5. Data security

All OAuth tokens are encrypted at rest using AES-256-GCM. All connections use HTTPS/TLS. Email content is processed in memory and not persisted to disk. Access to production systems is restricted to authorized personnel only.

6. Data retention

  • Email content: not stored after processing (real-time only).
  • Execution logs: 90 days.
  • OAuth tokens: until you disconnect the integration or delete your account.
  • Account data: until you delete your account.

7. Your rights

Under GDPR, you have the right to access, correct, export, and delete your personal data. You can disconnect integrations and delete pipelines at any time from your dashboard. To delete your account entirely, contact us at the address below.

8. Cookies

We use a single essential authentication cookie to keep you signed in. We use Plausible Analytics, which is cookie-free and does not track personal data. We do not use advertising or tracking cookies.

9. Contact

For privacy questions or data requests, email privacy@inboxprocess.com.