Privacy Policy

Last Updated: December 13, 2025

1. Introduction

Welcome to InboxIQ ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered customer support application ("Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: When you create an account, we collect your email address, business name, and authentication credentials.
Business Information: Your Shopify store domain, business settings, and preferences.
Email Configuration: IMAP/SMTP server details, email addresses, and encrypted email passwords for accessing your customer support inbox.
Customer Support Content: Customer emails, messages from Facebook Messenger and Instagram, and AI-generated responses.

2.2 Information from Third-Party Services

Shopify: Store information, merchant details, and authentication tokens when you install our app on your Shopify store.
Facebook/Instagram: Page information, Instagram account details, messages sent to your business pages, and user IDs (PSIDs/IGSIDs) when you connect your Facebook or Instagram accounts.
Email Providers: Email content, sender information, and metadata from emails received in your configured support inbox.

2.3 Automatically Collected Information

Usage Data: Information about how you use our Service, including features accessed and actions taken.
Log Data: Server logs, error reports, and system diagnostics.
Device Information: Browser type, IP address, and operating system.

3. How We Use Your Information

We use the information we collect to:

Provide the Service: Process customer support emails and messages, generate AI responses, and manage your customer support workflow.
AI Processing: Send customer messages to OpenAI's API (using your API key) to generate intelligent responses based on your guidelines and knowledge base.
Platform Integration: Connect with Shopify, Facebook, Instagram, and email providers to receive and send messages on your behalf.
Improve Our Service: Analyze usage patterns to enhance features and user experience.
Security: Detect and prevent fraud, abuse, and security incidents.
Communication: Send you service-related notifications and updates.
Compliance: Comply with legal obligations and enforce our terms of service.

4. Data Storage and Security

4.1 Data Storage

Database: We store your data in a secure database.
Tenant Isolation: Each business account has completely isolated data storage. Your data is never mixed with other customers' data.
Encryption: Sensitive data is encrypted.

4.2 Security Measures

Industry-standard encryption for data in transit (HTTPS/TLS)
Encrypted storage for sensitive credentials
Regular security updates and monitoring
Access controls and authentication requirements
Secure webhook signature verification for third-party integrations

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We share data with the following third-party services to provide our Service:

OpenAI: Customer messages are sent to OpenAI's API (using your API key) to generate AI responses. OpenAI's use of this data is governed by their privacy policy and API terms.
Railway: Our hosting provider that stores application data and databases.
Shopify: To authenticate your store and access necessary store information.
Facebook/Meta: To receive and send messages via Facebook Messenger and Instagram.
Email Providers: To access and send emails through your configured email accounts.

5.2 We Do Not

Sell your personal information to third parties
Use your customer data for our own marketing purposes
Share your data with advertisers
Train our own AI models on your customer conversations

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities.

6. Your Data Rights

You have the following rights regarding your data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data.
Export: Request a machine-readable export of your data.
Opt-Out: Disconnect third-party integrations at any time through your account settings.

To exercise these rights, please contact us using the information provided below.

7. Data Retention

Active Accounts: We retain your data for as long as your account is active and you continue to use our Service.
Account Deletion: When you delete your account, we permanently delete all associated data within 30 days, except where we are required to retain it for legal or regulatory purposes.
Backups: Deleted data may persist in backups for up to 90 days before being permanently removed.

8. Facebook and Instagram Data

Specific to our Facebook and Instagram integration:

We only access messages sent to your business pages/accounts
We store message content, sender IDs (PSIDs/IGSIDs), and conversation metadata
We use this data solely to generate and send responses on your behalf
You can disconnect Facebook/Instagram integration at any time
We comply with Meta's Platform Terms and Developer Policies
User data from Facebook/Instagram is not shared with other services except as necessary to provide the Service (e.g., sending to OpenAI for response generation)

9. Google User Data (Gmail Integration)

When you connect your Gmail account to InboxIQ, we access your email data through Google's OAuth 2.0 authentication. This section describes our use of Google user data in compliance with Google API Services User Data Policy, including the Limited Use requirements.

9.1 What Google Data We Access

Email Content: We access emails in your inbox to process customer support messages
Email Metadata: Sender information, timestamps, and message IDs
User Profile: Your email address to identify your connected account

9.2 How We Use Google Data

InboxIQ's use and transfer of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

Primary Use: We use your Gmail data solely to provide the customer support automation features of InboxIQ, including reading incoming customer emails and sending responses on your behalf
AI Processing: Customer emails may be sent to OpenAI's API to generate AI-powered responses. This is a core feature of our Service that you explicitly enable
No Other Transfers: We do not transfer your Google data to any other third parties except as necessary to provide the Service

9.3 Limited Use Disclosure

Our use of Google user data is limited to providing or improving user-facing features that are prominent in InboxIQ's user interface. We confirm that:

We do not use Google user data for serving advertisements
We do not transfer or sell Google user data to third parties for advertising, data brokering, or information reselling
We do not use Google user data to determine creditworthiness or for lending purposes
We do not allow humans to read your Google data unless: (a) you have given us explicit consent to view specific messages, (b) it is necessary for security purposes such as investigating abuse, or (c) we are required to by law

9.4 Data Storage and Security

Gmail OAuth tokens are encrypted at rest using industry-standard encryption
Access tokens are automatically refreshed and old tokens are not retained
You can disconnect your Gmail account at any time through your InboxIQ settings
When you disconnect, we delete your Gmail OAuth tokens immediately

9.5 Revoking Access

You can revoke InboxIQ's access to your Google account at any time by:

Disconnecting Gmail in your InboxIQ settings, or
Visiting Google Account Permissions and removing InboxIQ

10. Shopify Data

Specific to our Shopify integration:

We access your store domain, merchant information, and authentication tokens
We may access customer order information to provide context for AI responses (if you enable this feature)
We comply with Shopify's API Terms of Service and App Store Requirements
You can uninstall our app from Shopify at any time

11. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. We take appropriate safeguards to ensure your data is protected in accordance with this Privacy Policy.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. You are advised to review this Privacy Policy periodically for any changes.

14. California Privacy Rights

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising your CCPA rights

15. GDPR Compliance (European Users)

If you are located in the European Economic Area (EEA), you have additional rights under GDPR:

Right to access, rectification, erasure, and data portability
Right to restrict or object to processing
Right to withdraw consent at any time
Right to lodge a complaint with a supervisory authority

Our legal basis for processing your data includes:

Contract: Processing necessary to provide the Service you requested
Consent: You have given explicit consent for specific processing activities
Legitimate Interests: Processing necessary for our legitimate business interests

16. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

Email: support@inboxiq.app
Website: https://inboxiq.app

For data protection inquiries or to exercise your privacy rights, please include "Privacy Request" in the subject line of your email.

17. Consent

By using our Service, you consent to our Privacy Policy and agree to its terms. If you do not agree with this policy, please do not use our Service.