Privacy Policy

1. Information We Collect

Account Information

• Email address
• Authentication credentials (handled by Supabase and Google OAuth)

User-Submitted Content

• Cleaned (redacted) versions of submitted message text (email, LinkedIn, DMs, or other outreach)
• AI-generated responses
• User-configured privacy settings (words to always redact, custom reply templates)

Level 10 Retaliation Data

When using the Level 10 feature, we temporarily store:

• The spammer's email address
• Email subject lines
• Full unredacted conversation content (while the conversation is active)
• Conversation thread history

This data is deleted or redacted once the conversation completes or times out.

Echo Link Analytics

When an Echo link is viewed, we collect:

• IP address
• Approximate geolocation (city, country) derived from IP address
• Timestamp of access

This data is used to show Echo creators when and where their links were viewed. On paid tiers, this information may be displayed on a location heatmap.

Usage & Analytics Data

• Feature usage
• Interaction patterns
• Performance metrics

2. What We Do Not Store (Standard Echo Creation)

• Original raw messages containing personal or identifying information (we store only redacted versions)
• Access to your personal email inbox or messaging accounts
• Contact lists
• Message recipients' identities

Note: The Level 10 Retaliation feature temporarily stores unredacted conversation content while conversations are active. See Section 1 above for details.

3. How We Use Data

We use collected data to:

• Operate and improve Inbox Echo
• Generate AI-powered responses
• Provide usage history and analytics
• Monitor performance, reliability, and security
• Communicate service-related updates (such as feature announcements)

4. AI Processing

• Cleaned content is sent to OpenAI via Enterprise API
• Submitted data is not used to train AI models
• Data is processed solely to generate responses requested by users

5. Data Storage & Security

• Data is stored using Supabase
• Authentication is handled via Supabase and Google OAuth
• Industry-standard security practices are applied
• Data is transmitted using secure connections

6. Payments

• Payments are processed by Stripe
• Inbox Echo does not store payment card details or billing credentials

7. Data Retention

• Inbox Echo retains Echo history for no longer than 90 days for any user
• Echo links may expire sooner depending on plan level (7, 14, or 30 days)
• After 90 days, Echo data may be deleted or anonymized
• Level 10 unredacted conversation data is deleted or redacted once conversations complete or time out (typically within 48 hours of inactivity)
• Users may request account deletion at any time, which will remove remaining associated data in accordance with this policy
• Aggregated or anonymized usage data may be retained for analytics, security, or legal compliance

8. Your Rights

You may:

• Request access to your data
• Request correction of inaccurate data
• Request deletion of your account and associated data

9. Cookies & Tracking Technologies

Inbox Echo may use cookies or similar technologies for:

• Authentication
• Analytics
• Performance monitoring

10. Children's Privacy

Inbox Echo is not intended for users under the age of 18. We do not knowingly collect personal data from minors.

11. Changes to This Policy

We may update this Privacy Policy as the service evolves. Continued use of Inbox Echo constitutes acceptance of the updated policy.

12. Contact

For privacy-related questions or requests: