The Human-Readable Version
You can find the fine-print and full privacy-policy below. We know email is serious business, so we’re summarising all the important bits below without the legal jargon.
The gist of it:
Who is "us"?
Your data is processed, handled and stored by AediLabs Inc, a legally registered Delaware Corporation. AediLabs is a operator of multiple SaaS businesses, including InboxPolice.
We’re a fully bootstrapped team, running remotely from all corners of the globe. Our survival depends on doing good by our customers. Thus, we have aligned incentives: keep your data safe and your trust in us.
We’re also humans just like you. If you have questions or suggestions we’re over at firstname.lastname@example.org!
Where we process and store your data
The data we retrieve and that you provide by using InboxPolice is safely stored in a server in the US. We have performed penetration testing on the app/infrastructure, conducted by a third party. At this moment we are not able to offer EU storage of data.
To help us improve our services we also use external third party services that might, at one point, contain your data. Please review these below. Do note that in the event you close your account, we’ll delete (hard delete) these from everywhere (except Stripe + Quickbooks).
Our server has your email address, personal information (name), IP, timezone and any other settings you provide. It also includes:
1. Total counts of emails received, processed, delivered and blocked by InboxPolice but not it’s content or subject.
2. List of contacts approved, VIP-added, rejected or awaiting decision,
3. List of keywords for VIP handling.
4. Subject for all emails from senders awaiting approval as well as for emails awaiting delivery to your inbox.
Subjects are removed as soon as your email is delivered, approved or rejected, respectively.
Contacts (senders) email address and name are never deleted, unless you delete your account.
We use customer.io for transactional and email marketing as well as basic in-app tracking and CRM. The following information is stored in Customer.io: your IP, your email address, first name, last name, any beta testing information you provide.
We’ll also use it to track the following events:
We use Stripe to process payments. Any information you provide at checkout is safely stored and encrypted with Stripe.
We keep these transactions for compliance reasons for up to 10 years.
If you contact support the messages you send as well as your data (email, name and any other data you provide) will be stored in Crisp. You can request removal of these. If you delete your account, these will be removed.
We do not use Google Analytics in-app. Google Analytics is used on our landing page. If you use our Landing page we might store your IP, location and visited pages as well as in-page actions.
When you join our beta program, you’ll see your data added to Typeform for a period of up to 30 days. The data is deleted every 30 days.
The legal bit
Information We CollectInformation we collect falls into one of two categories: “voluntarily provided” information and “automatically collected” information. “Voluntarily provided” information refers to any information you knowingly and actively provide us when using or participating in any of our services and promotions. “Automatically collected” information refers to any information automatically sent by your devices in the course of accessing our products and services.
Log DataWhen you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, and other details about your visit. Additionally, if you encounter certain errors while using the site, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is. Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
Device DataWhen you visit our website or interact with our services, we may automatically collect data about your device, such as:
- Device Type
- Operating System
- Unique device identifiers
- Device settings
- Geo-location data
Personal InformationWe may ask for personal information — for example, when you submit content to us or when you contact us — which may include one or more of the following:
- Timezone, Location
Sensitive Information“Sensitive information” or “special categories of data” is a subset of personal information that is given a higher level of protection. Examples of sensitive information include information relating to your racial or ethnic origin, political opinions, religion, trade union or other professional associations or memberships, philosophical beliefs, sexual orientation, sexual practices or sex life, criminal records, health information, or biometric information. The types of sensitive information that we may collect about you include:
- Gmail/Microsoft’s user account email contacts
- Gmail/Microsoft’s user account received email subjects
- Gmail/Microsoft’s user account senders of email
Legitimate Reasons for Processing Your Personal InformationWe only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.
Collection and Use of InformationWe may collect personal information from you when you do any of the following on our website:
- Register for an account
- Use a mobile device or web browser to access our content
- Contact us via email, social media, or on any similar technologies
- When you mention us on social media
- to provide you with our platform’s core features and services
- to enable you to customize or personalize your experience of our website
- to enable you to access and use our website, associated applications, and associated social media platforms
- for internal record keeping and administrative purposes
Security of Your Personal InformationWhen we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification. Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services. For example, ensuring any passwords associated with accessing your personal information and accounts are secure and confidential.
Children’s PrivacyWe do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.
Disclosure of Personal Information to Third PartiesWe may disclose personal information to:
- a parent, subsidiary, or affiliate of our company
- third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, and payment systems operators
- our employees, contractors, and/or related entities
- our existing or potential agents or business partners
- credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
- courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
- third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
- third parties to collect and process data
- an entity that buys, or to which we transfer all or substantially all of our assets and business
- Google Analytics
What is a cookie?
A cookie is a small piece of data that a website stores on your device when you visit. It typically contains information about the website itself, a unique identifier that allows the site to recognize your web browser when you return, additional data that serves the cookie’s purpose, and the lifespan of the cookie itself.
Cookies are used to enable certain features (e.g. logging in), track site usage (e.g. analytics), store your user settings (e.g. time zone, notification preferences), and to personalize your content (e.g. advertising, language).
Cookies set by the website you are visiting are usually referred to as first-party cookies. They typically only track your activity on that particular site.
Cookies set by other sites and companies (i.e. third parties) are called third-party cookies They can be used to track you on other websites that use the same third-party service.
Types of cookies and how we use them
Essential cookies are crucial to your experience of a website, enabling core features like user logins, account management, shopping carts, and payment processing.
We use essential cookies to enable certain functions on our website.
Performance cookies track how you use a website during your visit. Typically, this information is anonymous and aggregated, with information tracked across all site users. They help companies understand visitor usage patterns, identify and diagnose problems or errors their users may encounter, and make better strategic decisions in improving their audience’s overall website experience. These cookies may be set by the website you’re visiting (first-party) or by third-party services. They do not collect personal information about you.
We use performance cookies on our site.
Functionality cookies are used to collect information about your device and any settings you may configure on the website you’re visiting (like language and time zone settings). With this information, websites can provide you with customized, enhanced, or optimized content and services. These cookies may be set by the website you’re visiting (first-party) or by third-party services.
We use functionality cookies for selected features on our site.
Targeting/advertising cookies help determine what promotional content is most relevant and appropriate to you and your interests. Websites may use them to deliver targeted advertising or limit the number of times you see an advertisement. This helps companies improve the effectiveness of their campaigns and the quality of content presented to you. These cookies may be set by the website you’re visiting (first-party) or by third-party services. Targeting/advertising cookies set by third-parties may be used to track you on other websites that use the same third-party service.
We do not use this type of cookie on our site.Business Transfers If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.
Limits of Our PolicyOur website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
Additional Disclosures for Australian Privacy Act Compliance (AU)
International Transfers of Personal InformationWhere the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.
Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)
Data Controller / Data ProcessorThe GDPR distinguishes between organisations that process personal information for their own purposes (known as “data controllers”) and organizations that process personal information on behalf of other organizations (known as “data processors”). We, AediLabs Inc, located at the address provided in our Contact Us section, are a Data Controller and/or Processor with respect to the personal information you provide to us.
Legal Bases for Processing Your Personal InformationWe will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose. Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:
Performance of a Contract or TransactionWhere you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you contact us with an enquiry, we may require personal information such as your name and contact details in order to respond.
Our Legitimate InterestsWhere we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.
International Transfers Outside of the European Economic Area (EEA)We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.
Your Rights and Controlling Your Personal InformationRestrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests. Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information. Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party. Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.
CCPA-permitted financial incentivesIn accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide. Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
California Notice of CollectionIn the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:
- Identifiers, such as name, email address, phone number account name, IP address, and an ID or number assigned to your account.
- Customer records, such as billing and shipping address, and credit or debit card data.
- Commercial information, such as products or services history and purchases.
- Internet activity, such as your interactions with our service.
Right to Know and DeleteIf you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:
- The categories of personal information we have collected about you;
- The categories of sources from which the personal information was collected;
- The categories of personal information about you we disclosed for a business purpose or sold;
- The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
- The business or commercial purpose for collecting or selling the personal information; and
- The specific pieces of personal information we have collected about you.