Privacy Policy
This Privacy Policy explains how CheckInbox collects, uses, stores, protects, and shares information when you visit our website, create an account, use our platform, run inbox placement tests, analyze email content, use our tools, or communicate with us.
Information we collect
CheckInbox collects information needed to provide, secure, maintain, improve, and support the service. The exact information we collect depends on how you use CheckInbox. Account information may include your email address, password hash, account role, account status, registration language, last session language, login timestamps, consent records, marketing communication preferences, and other account-related settings. Authentication and session information may include login activity, cookie-based session identifiers, security events, IP address, browser details, device information, request metadata, and technical logs used to protect accounts and prevent unauthorized access. Email monitoring data may include seed addresses, sender addresses, message subjects, provider names, folder placement results, received timestamps, provider message identifiers, and related metadata needed to show where test messages land across supported providers. Scan data may include one-time scan addresses, inbound test message metadata, sender information, message headers, parsed authentication signals, SPF, DKIM, DMARC, DNS and infrastructure indicators, blacklist-style check results, links, subject lines, text bodies, HTML bodies, attachment counts, report scores, findings, and recommendations. Word Scanner data may include selected language, subject line, email body text, matched words or phrases, match positions, spam-risk score, promo-risk score, recommendations, technical matches, and saved wording-analysis history. Utility tool data may include text or URLs entered into tools such as Case Converter, UTM Builder, and Emoji. Some utility actions may be processed locally in the browser, while others may be stored or processed if the product feature requires it. Communication data may include messages you send to us, support requests, feedback, contact form submissions, onboarding communications, product questions, email replies, and related correspondence. Marketing and product communication data may include your marketing consent status, subscription preferences, communication history, email engagement signals where available, and your interaction with product updates, educational messages, or promotional communications. Payment and billing data may be processed if paid plans, subscriptions, trials, credits, invoices, or usage-based billing are offered. Payment processing may be handled by third-party payment processors, and CheckInbox may receive limited billing-related information such as plan status, transaction status, invoice data, billing contact details, and payment confirmation metadata. We do not intend to store full payment card numbers on CheckInbox servers. Website and usage data may include pages visited, referring URLs, approximate location derived from IP address, browser type, device type, operating system, language preferences, feature usage, clicks, errors, performance data, and analytics events. Cookies and similar technologies may be used to keep you signed in, remember language preferences, protect sessions, improve security, understand website usage, measure performance, support product analytics, and improve the user experience. Some cookies are essential for the service to work. Others may be used for analytics or communication preferences where allowed by law. You should not submit unnecessary sensitive information to CheckInbox. This includes passwords, private keys, payment card numbers, health data, government identifiers, confidential third-party data, or other sensitive information inside test emails, scan samples, support messages, or wording analysis fields unless you have a lawful basis and a valid reason to do so.
How we use and share information
We use information to provide and operate CheckInbox, including account access, authentication, inbox placement monitoring, Scan reports, Word Scanner results, utility tools, admin controls, customer support, product communication, security, troubleshooting, billing, and service reliability. We use email monitoring data to show whether test messages were received, which provider received them, which folder they landed in, and how placement differs across supported seed accounts and providers. We use Scan data to generate diagnostic reports about email authentication, sender infrastructure, content signals, blacklist-style checks, technical findings, and deliverability risks. Scan reports are informational and do not guarantee inbox placement or provider behavior. We use Word Scanner data to detect wording patterns that may increase spam or promotion risk, highlight risky words or phrases, calculate spam and promo scores, and provide practical recommendations for safer wording. We use account, technical, and usage data to maintain security, prevent abuse, detect suspicious activity, investigate errors, protect the platform, enforce our Terms, monitor performance, improve reliability, and develop or improve product features. We may use communication data to respond to your requests, provide support, send onboarding guidance, explain product features, notify you about service changes, and manage our relationship with you. We may send essential service communications, including account messages, security notices, legal notices, billing messages, product-critical updates, operational alerts, and support communications. These messages are necessary for the service and may not always include an unsubscribe option. Where permitted by law and based on your consent or another applicable legal basis, we may send marketing, educational, promotional, newsletter-style, or product-related communications. You can opt out of marketing communications where required by law. Opting out of marketing does not stop essential service, security, legal, billing, or account-related messages. We may use aggregated, anonymized, or de-identified information to understand platform performance, improve scoring logic, improve product reliability, detect abuse, develop new features, publish high-level product insights, and improve the quality of CheckInbox. We do not intentionally publish your confidential message content as part of this process. We may share information with service providers and processors that help us operate CheckInbox. These may include hosting providers, cloud infrastructure providers, database services, email providers, DNS and deliverability infrastructure, analytics providers, security tools, payment processors, authentication providers, customer support tools, monitoring tools, and communication platforms. We may share information with third-party providers when needed to provide a feature you use. For example, email provider integrations may be used for seed monitoring, Mailgun or similar services may be used for inbound scan processing, DNS systems may be queried for technical checks, and payment processors may be used for billing. We may disclose information if required by law, legal process, regulation, court order, government request, or to protect the rights, safety, security, property, users, providers, infrastructure, or legal interests of CheckInbox or others. We may transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, corporate transaction, or similar event, subject to appropriate confidentiality and legal protections where required. We do not sell your email test content, scan message bodies, or Word Scanner text as standalone content. We also do not intend to use your private email content to publicly identify you or your customers. Some laws define “sale” or “sharing” broadly, especially for advertising and analytics; where applicable, we will provide required rights or controls.
Retention, security, rights, and contact
We keep information for as long as reasonably necessary to provide the service, maintain accounts, support product features, comply with legal obligations, resolve disputes, enforce agreements, prevent abuse, maintain security, support backups, preserve audit logs, manage billing, and improve reliability. Retention periods may vary by data type. Account records may be kept while your account is active. Test results, scan reports, wording analysis history, logs, security records, analytics events, support communications, billing records, and backup data may have different retention periods depending on operational, legal, security, or product needs. You may request access, correction, deletion, export, or restriction of your personal information where applicable law gives you those rights. You may also object to certain processing or withdraw consent where processing is based on consent. These rights may be subject to legal, security, anti-abuse, billing, backup, fraud prevention, or operational limitations. You can control some information directly through your account, browser, device, cookie settings, email preferences, or product settings. You may unsubscribe from marketing communications using the available unsubscribe method where required by law. Essential service, security, legal, billing, and account-related communications may still be sent even if you opt out of marketing. We use reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure. These safeguards may include access controls, authentication, secure cookies, monitoring, logging, encryption in transit where applicable, provider-level security measures, and operational security practices. No online service can guarantee absolute security. You are responsible for keeping your login credentials secure, using strong passwords, limiting access to your account, and avoiding unnecessary sensitive information in test messages or analysis fields. CheckInbox may operate internationally or use service providers located in different countries. Your information may be processed, stored, or transferred outside your country of residence. Where required, we rely on appropriate legal mechanisms, contractual protections, or other safeguards for international transfers. CheckInbox is not intended for children. You should not use the service if you are under the age required to legally use online services in your jurisdiction or to enter into these Terms. We do not knowingly collect personal information from children. If you use CheckInbox on behalf of a company, agency, client, or organization, you are responsible for ensuring that you have the right to submit and process the relevant data, including test email content, sender information, customer or client data, and campaign-related information. If you submit third-party personal data to CheckInbox, you are responsible for providing required notices, obtaining required consents, maintaining a lawful basis for processing, and complying with applicable privacy, email, marketing, and data protection laws. This Privacy Policy may be updated from time to time. If we make material changes, we may notify you through the website, product interface, email, or another reasonable method. The updated version will apply from the effective date shown or from the time it is posted, depending on the nature of the change. If any part of this Privacy Policy conflicts with a separate written agreement, data processing agreement, or legally required notice that applies to your use of CheckInbox, the more specific document may control for that specific subject. For privacy questions, data requests, or concerns, contact: support@checkinbox.app