Privacy Policy.
This is the plainest English we could manage. The legalese version is here too, but we tried to write it so you can actually read it. If anything is unclear, email privacy@inboxnanny.com.
1. Who we are
Inbox Nanny (referred to as "we," "us," or "the Service") is operated by the team behind inboxnanny.com. We are reachable at help@inboxnanny.com for general questions, and at privacy@inboxnanny.com for anything privacy-related.
This policy explains what data we collect when you use Inbox Nanny, what we do with it, how we protect it, and what rights you have to access, change, or delete it.
2. What we collect
Inbox Nanny does not connect to your inbox. We never read your mail. The free scan takes one input: the email address you ask us to look up. That's the only piece of your data the scan touches.
2.1 Information you provide directly
When you use the free scan:
- The email address you enter — for the address-only lookup against our list of B2B sales databases
- A 6-digit verification code that you receive at that address and enter back into the site, to confirm you control the address before any removal action is filed on your behalf
- Your opt-in choice for re-listing alert emails (optional)
When you sign in for an account on the Service:
- The email address you enter on the login page (we use passwordless magic-link sign-in via our authentication provider Supabase Auth — no Google, no OAuth, no third-party social login, no password)
- No name, profile photo, contact list, or other profile data from any social or email provider
2.2 Information we do NOT collect
To be explicit, the Service does not access or collect any of the following:
- The contents of your inbox or any specific message
- Email headers, subject lines, attachments, or message metadata of any kind
- Your drafts, sent folder, archive, labels, or any mailbox state
- Your calendar, contacts, or any other Google / Microsoft / iCloud account data
- OAuth tokens, API tokens, or any session-bound credentials to your email account
- Your address book or anything about people you correspond with
There is no OAuth flow on this Service. We do not ask Google, Microsoft, Apple, or any other provider for permission to read your email, because we never read it. The free scan is an address-only lookup against a static list of B2B brokers; the removal flow uses your verified email ownership (the 6-digit code) as the basis of authorization, not access to your account.
2.3 Information about your interactions with the Service
We log basic usage data: pages viewed, features used, error events. This is used to improve the Service. We do not associate this with the contents of any email account, because we never see them.
2.4 Scan and removal-request records
When you run a scan, we store the email address you entered, the scan result (which brokers were matched to that address), and, if you opt in, your preference for re-listing alert emails. We keep scan rows for 90 days and then delete them automatically.
When you file removal requests through the Service, we store a record of which broker each request was filed with, the request status, and the broker's message ID for tracking. We keep these records for as long as needed to track and re-submit (typically up to 12 months). You can unsubscribe from re-listing alerts at any time using the link in any alert email.
3. How we use what we collect
To look up which B2B sales databases have your email address, file removal requests on your behalf as your authorized agent, and monitor for re-listings. That's it.
The Service uses your data exclusively for the following purposes:
- Looking up the email address you provide against our list of B2B sales databases to show you which ones likely have it
- Verifying your ownership of that email address (via the 6-digit code) before any removal action is taken on your behalf
- Filing removal/erasure requests with each broker on your behalf as your authorized agent, on the legal basis of GDPR Article 17 and CCPA §1798.105, with your email set as Reply-To so the broker's response reaches you directly
- Showing you suggested mail-client filter rules that you can choose to set up yourself (we do not create filters in your account)
- Monitoring monthly for re-listings and re-filing the removal request when needed
- Sending you summary reports of removal status and re-listing events
- Customer support and account administration
- Improving the Service in aggregate (never tied to a specific user's data)
4. What we do NOT do with your data
To be explicit about what's off the table:
- We do not access your inbox. No OAuth flow, no read access, no API tokens, no session — we have no connection to your email account at all.
- We do not sell your data. Not to anyone, not in aggregate, not as derivative products. Ever.
- We do not train AI models on your data. Broker detection uses static lookups and statistical heuristics, not machine learning trained on user data.
- We do not share your data with third parties except as strictly necessary to operate the Service (e.g., our hosting and database provider stores encrypted data on our behalf, and removal requests are sent to the broker you asked us to file with).
- We do not use your data for advertising — ours or anyone else's.
- We do not send mail from your address. Removal requests are filed from our own branded address as your authorized agent, with your email as Reply-To. We never log into your account to send anything.
5. Where your data lives
Your data is stored on servers in the geographic region matching your jurisdiction:
- EU/UK users: AWS Frankfurt and AWS Dublin
- US users: AWS US-East and AWS US-West
- Other regions: AWS region geographically closest to you
Data is encrypted at rest (AES-256) and in transit (TLS 1.3). Backups are encrypted and retained for 30 days, then permanently deleted.
6. How long we keep your data
- Active account data: kept for as long as your account is active
- Email scan results: kept for 90 days, then automatically purged
- Removal request records: kept for as long as needed to track and re-submit (typically 12 months)
- Account deletion: when you delete your account, all data is permanently erased within 30 days, with the exception of records we are legally required to retain (e.g., payment receipts for tax purposes - kept for 7 years)
7. Your rights
Depending on your jurisdiction, you have some or all of the following rights:
- Access: get a copy of all the data we hold about you
- Correction: ask us to fix data that's wrong or incomplete
- Deletion: ask us to delete your data ("right to be forgotten")
- Restriction: ask us to stop using your data while we resolve a dispute
- Portability: get your data in a structured, machine-readable format
- Objection: object to processing for direct marketing
- Opt-out of sale: not relevant since we never sell your data, but it's your right under CCPA
- Withdraw consent: stop using the Service at any time and delete your account, which permanently erases all scan and account records we hold about you (subject only to legally-required retention)
To exercise any of these rights, email privacy@inboxnanny.com. We respond within the timeframe required by your jurisdiction's law (30 days under GDPR, 45 days under CCPA).
8. Cookies and tracking
We use the minimum cookies necessary to operate the Service:
- Session cookie: keeps you logged in
- Preferences cookie: remembers your dashboard settings
We do not use third-party advertising cookies, social tracking pixels, or session replay tools. Analytics is done with privacy-respecting tooling (currently Plausible Analytics) that does not use cookies or personal identifiers.
9. Children's privacy
The Service is intended for use by adults in a professional context. We do not knowingly collect data from anyone under 16. If you believe a minor has signed up for the Service, contact us and we will delete the account.
10. Changes to this policy
If we make material changes to this policy, we will notify you via email at least 30 days before the changes take effect. Minor changes (typos, clarifications) may be made without notice but are reflected in the "last updated" date at the top.
11. Contact
Privacy questions, complaints, or rights requests:
- Email: privacy@inboxnanny.com
- Mail: [TO BE ADDED at launch - business address]
If you're in the EU/UK and aren't satisfied with our response, you have the right to lodge a complaint with your national data protection authority.
We'd rather answer directly than hide behind boilerplate.
Privacy isn't a checkbox for us. Email privacy@inboxnanny.com with anything you want clarified.