Privacy Policy

Last Updated: January 11, 2026

Our Commitment to Privacy

InboxZebra is built with privacy as a core principle. We process your emails locally on your device using Ollama (local LLM), send zero telemetry, and only collect the minimal data necessary to provide subscription services.

Key Principles:

• Local Processing: All email categorization happens on your Mac (via Ollama)
• No Telemetry: We don’t track, analyze, or send your usage data anywhere
• Minimal Data: We only collect what’s necessary for subscriptions
• Your Control: You own your data and can export or delete it anytime

What Data We Collect

Email Data (Local Only)

What: Email metadata (subject, sender, dates, categories)
Where: Stored locally on your Mac in encrypted Core Data database
Why: To display your emails and category assignments
Encryption: AES-256-GCM encryption for email bodies
Sharing: Never shared, never leaves your device

We do NOT:

• Send email content to external servers
• Use cloud AI services for categorization (all processing is local via Ollama)
• Track which emails you receive or send
• Access your email content except what you explicitly allow the app to process

Account Credentials (Secure Storage)

What: OAuth tokens for Office 365 and Gmail
Where: macOS Keychain (encrypted by operating system)
Why: To connect to your email accounts
Encryption: Secured by macOS with kSecAttrAccessibleAfterFirstUnlock
Sharing: Never shared, only used to fetch emails from your providers

Application Settings (Local Only)

What: Categories, labels, learning examples, preferences
Where: UserDefaults (~/Library/Preferences/com.inboxzebra.app.plist)
Why: To remember your preferences and improve categorization
Sharing: Never shared, stays on your device

Subscription and Licensing Data (Optional - Only If You Purchase)

What we collect if you purchase a subscription:

Email Address:

• Purpose: License delivery, subscription management
• Storage: Processed by Paddle and Keygen.sh (see subprocessors below)
• Retention: Until subscription ends + 90 days

License Key:

• Purpose: Validate your subscription
• Storage: Stored locally on your device only
• Sharing: Validated with Keygen.sh (public API, no personal data sent)

Device Fingerprint (Hardware UUID):

• Purpose: Enforce 2-device limit
• What it is: Hardware UUID from your Mac (via IOKit)
• Privacy: Cannot identify you personally (it’s just a machine identifier)
• Storage: Sent to Keygen.sh for device activation tracking

Subscription Metadata:

• Purpose: Display subscription status, enforce feature limits
• What: Tier (Pro/Business), start date, expiry date
• Storage: Locally on your device + Keygen.sh for validation

Third-Party Service Providers (Subprocessors)

InboxZebra uses the following trusted third-party services to provide subscription and licensing functionality:

How Subscription Data Flows

When you purchase a subscription, data flows through our subprocessors in this sequence:

Step 1: Purchase (Paddle)

• You enter payment info on Paddle’s secure checkout
• Paddle processes payment and creates subscription
• Data: Email, payment info, billing address

Step 2: Webhook Event (Vercel)

• Paddle sends webhook notification to our Vercel function
• Webhook receives: Email, subscription ID, product purchased
• Webhook processes event (takes ~1 second)
• No data stored permanently by Vercel

Step 3: License Creation (Keygen)

• Webhook calls Keygen API to create license
• Keygen generates unique license key
• Data stored: Email, license key, policy

Step 3b: License Delivery (Resend)

• Webhook sends license key email via Resend
• Email contains license key and activation instructions
• Data processed: Email address, license key (in email content)

Step 4: Activation (Your Mac + Keygen)

• You enter license key in InboxZebra
• App validates with Keygen API (public endpoint)
• App activates device (sends hardware UUID to Keygen)
• Data stored: License key (local), hardware UUID (Keygen)

Important: Your email content NEVER touches any of these services. Only subscription metadata flows through this system.

Detailed Subprocessor Information

Payment Processing - Paddle

Provider: Paddle.com Market Limited
Purpose: Payment processing, subscription billing, tax compliance
Data Processed:

• Email address
• Payment information (credit card, billing address)
• Purchase history
• Transaction records

Data Location: EU and US data centers
Privacy Policy: https://www.paddle.com/legal/privacy
GDPR Compliance: PCI DSS Level 1, SOC 2 Type II, GDPR compliant
Notes:

• Paddle acts as Merchant of Record and handles all payment data securely
• InboxZebra never sees or stores your credit card information
• All payment data is processed exclusively by Paddle
• Paddle handles all tax compliance and invoicing

Webhook Infrastructure - Vercel

Provider: Vercel Inc.
Purpose: Serverless function hosting for webhook processing (connects Paddle to Keygen)
Data Processed:

• Webhook event data from Paddle (email address, subscription ID, product ID)
• License creation requests to Keygen (email address, policy ID)
• Server logs (timestamps, request metadata)

Data Location: US data centers (automatically deployed to closest region)
Privacy Policy: https://vercel.com/legal/privacy-policy
GDPR Compliance: SOC 2 Type II, GDPR compliant
Data Retention: Server logs retained for 7 days, then automatically deleted
Notes:

• Vercel hosts our webhook handler that receives subscription events from Paddle
• Webhook only processes subscription metadata (email, product purchased)
• No email content passes through Vercel - only billing/subscription data
• Functions execute in a secure, isolated environment
• All communication is encrypted with TLS 1.3
• Webhook URL: https://webhook-handler-black.vercel.app/api/paddle-webhook

License Management - Keygen.sh

Provider: Keygen, Inc. (keygen.sh)
Purpose: License key generation, validation, and device activation tracking
Data Processed:

• Email address (for license association)
• License keys (generated by Keygen)
• Device fingerprints (hardware UUIDs)
• Activation dates and hostnames
• Machine platform information (macOS version)

Data Location: US data centers
Privacy Policy: https://keygen.sh/privacy/
GDPR Compliance: SOC 2 Type II, GDPR compliant
Notes:

• Keygen validates license keys and tracks device activations to enforce 2-device limit
• Device fingerprints are hardware UUIDs and cannot identify individuals
• Keygen does not access your email content or usage patterns
• License validation uses a public API (no API keys exposed)

Email Delivery - Resend

Provider: Resend, Inc. (resend.com)
Purpose: Transactional email delivery for license key distribution
Data Processed:

• Email address (recipient)
• License key (included in email content)
• Subscription tier (Pro/Business)

Data Location: US data centers
Privacy Policy: https://resend.com/legal/privacy-policy
GDPR Compliance: SOC 2 Type II, GDPR compliant
Notes:

• Resend sends license key emails after successful subscription purchase
• Email content includes license key and activation instructions
• Resend does not store email content after delivery (transient processing)
• Delivery logs retained for 30 days for troubleshooting
• We do NOT use Resend for marketing emails, only transactional license delivery

How We Use Your Data

Email Data (Local Processing Only)

• Categorization: Process with Ollama (local LLM) to suggest categories
• Display: Show your emails in the app interface
• Search: Enable you to find emails quickly
• Learning: Store examples to improve future categorization accuracy

All processing happens locally on your Mac. We never send email content to external servers.

Subscription Data

• License Validation: Check if your license is valid and active
• Device Tracking: Enforce 2-device limit (via Keygen.sh)
• Feature Access: Enable Pro/Business features based on your tier
• Support: Assist you if you have subscription issues

How We Share Your Data

InboxZebra shares minimal data with trusted third parties only as necessary to provide subscription services:

Payment Processing (Paddle)

When: You make a purchase
What: Email address, payment information (handled entirely by Paddle)
Why: To process payments, manage subscriptions, handle taxes
Your Rights: Access, modify, or cancel via Paddle customer portal (link in purchase email)

We do NOT share your email content with Paddle. They only receive your billing email address.

Webhook Processing (Vercel)

When: You purchase or modify a subscription
What: Subscription event data (email address, subscription ID, product purchased)
Why: To automatically create and manage licenses when you subscribe
How it works:

• Paddle sends webhook event → Vercel function → Creates license in Keygen
• Data is processed in transit only (not stored by Vercel)
• Server logs automatically deleted after 7 days

We do NOT share your email content with Vercel. Only subscription metadata passes through the webhook.

License Management (Keygen.sh)

When: You activate a license
What: Email address, license key, device fingerprint (hardware UUID)
Why: To validate licenses and enforce 2-device limit
Your Rights: Contact support@inboxzebra.com to request deletion

We do NOT share your email content with Keygen. They only receive licensing metadata.

Data Flow Summary

Here’s how subscription data flows through our subprocessors:

You purchase → Paddle (payment) → Webhook (Vercel) → License created (Keygen) → Email sent (Resend) → You receive license
                    ↓                      ↓                    ↓                       ↓
            Payment data          Subscription event      License key           License delivery email
            (stored by Paddle)    (processed in transit)  (stored by Keygen)    (transient processing)

Important: Your email content NEVER touches any of these services. Only subscription-related data (email address, product purchased) is shared.

We NEVER Share:

• ❌ Your email content
• ❌ Your email metadata (subjects, senders, dates)
• ❌ Your categorization data or learning examples
• ❌ Your usage patterns or behavior
• ❌ Any data for advertising or marketing purposes
• ❌ Your OAuth tokens or email account credentials

Data Retention

Email Data (Local)

Retention: Stored on your device until you delete it
Deletion: Settings → Data Management → Clear All Emails
Encryption: Email bodies encrypted with AES-256-GCM

OAuth Tokens (Local)

Retention: Stored in Keychain until you disconnect account
Deletion: Settings → Accounts → Remove Account
Security: Protected by macOS Keychain encryption

Subscription Data

License Keys:

• Stored locally on your device until you deactivate
• Not sent to InboxZebra servers (we don’t have servers)

Paddle Data:

• Retained by Paddle per their retention policy
• Typically 7 years for tax and legal compliance
• Managed via Paddle customer portal

Vercel Data:

• Webhook event logs: Automatically deleted after 7 days
• Function execution logs: Automatically deleted after 7 days
• No permanent storage of subscription data (processed in transit only)

Keygen Data:

• Retained while subscription is active
• Plus 90 days after cancellation (for reactivation)
• Deleted upon request to support@inboxzebra.com

Resend Data:

• Email delivery logs: Retained for 30 days
• Email content: Processed transiently, not stored after delivery
• No long-term retention of license keys or personal data

Your Rights: You can request deletion of your subscription data at any time by contacting support@inboxzebra.com.

Your Privacy Rights

Access & Control

You have comprehensive rights over your data:

Email Data (Local):

• View: Browse all your data in the app
• Export: Settings → Data Management → Export All Data
• Delete: Settings → Data Management → Clear specific categories or all data

Subscription Data:

• View: Settings → Subscription (see tier, expiry, devices)
• Modify: Update billing via Paddle customer portal
• Cancel: Cancel subscription anytime (processed by Paddle)
• Delete: Request deletion via support@inboxzebra.com

GDPR Rights (EU Users)

If you’re in the European Union, you have these additional rights:

• Right to Access: Request a copy of all data we process
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data (“right to be forgotten”)
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Export your data in machine-readable format
• Right to Object: Object to certain data processing activities
• Right to Withdraw Consent: Withdraw consent for data processing anytime

To exercise GDPR rights:

• InboxZebra data: Use in-app export or contact support@inboxzebra.com
• Paddle data: Contact https://www.paddle.com/support
• Keygen data: Contact support@inboxzebra.com

CCPA Rights (California Users)

If you’re a California resident, you have these rights:

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of sale of personal information (we never sell your data)
• Right to Non-Discrimination: Equal service regardless of privacy choices

To exercise CCPA rights: Contact support@inboxzebra.com

Data Security

How We Protect Your Data

Encryption:

• Email bodies: AES-256-GCM encryption at rest
• OAuth tokens: macOS Keychain encryption
• Network: HTTPS/TLS for all API communications

Local Storage:

• All email data stored on your device only
• Core Data database protected by macOS file permissions
• Touch ID/Password required for sensitive operations

No Cloud Storage:

• We don’t have cloud servers for your email data
• No backups to our servers
• No synchronization across devices (everything is local)

Secure Communication:

• Ed25519 signature verification for license validation
• HMAC-SHA256 for webhook verification
• OAuth 2.0 for email provider authentication

Third-Party Security

Paddle:

• PCI DSS Level 1 certified (highest payment security standard)
• SOC 2 Type II compliant
• GDPR compliant
• Handles all payment data securely

Vercel:

• SOC 2 Type II compliant
• ISO 27001 certified
• GDPR compliant
• TLS 1.3 encryption for all connections
• Automatic DDoS protection
• Isolated function execution (no cross-contamination)
• Automatic security updates
• Infrastructure as Code (auditable, version-controlled)

Keygen.sh:

• SOC 2 Type II compliant
• GDPR compliant
• Ed25519 cryptographic signatures
• TLS 1.3 encryption for all API calls

Resend:

• SOC 2 Type II compliant
• GDPR compliant
• TLS encryption for all email delivery
• DKIM, SPF, and DMARC email authentication
• No long-term storage of email content

Children’s Privacy

InboxZebra is not intended for users under 13 years old. We do not knowingly collect data from children under 13.

If you believe a child under 13 has provided us with personal information, please contact us immediately at support@inboxzebra.com and we will delete it.

Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect:

• New features or functionality
• Changes in data processing practices
• Changes in legal requirements
• Updates to third-party services

When we make changes:

• We’ll update the “Last Updated” date at the top
• For material changes, we’ll notify you via email (if you’re a subscriber)
• Continued use after changes constitutes acceptance

Version History:

• January 11, 2026: Added Resend as subprocessor for license key email delivery
• January 9, 2026: Added Paddle, Vercel, and Keygen.sh subprocessors for subscription system

Contact Us

Privacy Questions

For questions about this privacy policy or data processing:

Email: support@inboxzebra.com
Subject: “Privacy Policy Inquiry”

Response time: Within 3 business days

Subprocessor-Specific Questions

Paddle (Payment Processing):

• Support: https://www.paddle.com/support
• Privacy: https://www.paddle.com/legal/privacy
• Customer Portal: Link in your purchase email

Vercel (Webhook Infrastructure):

• Support: https://vercel.com/support
• Privacy: https://vercel.com/legal/privacy-policy
• Security: https://vercel.com/security

Keygen.sh (License Management):

• Support: https://keygen.sh/support
• Privacy: https://keygen.sh/privacy/

Resend (Email Delivery):

• Support: https://resend.com/support
• Privacy: https://resend.com/legal/privacy-policy

Data Protection Officer

For formal data protection inquiries (GDPR/CCPA):

Email: support@inboxzebra.com
Subject: “Data Protection Request”

Legal Basis for Processing (GDPR)

If you’re in the EU, here’s our legal basis for processing your data:

Email Data (Local):

• Basis: Legitimate Interest
• Interest: Provide core email management functionality
• Your Rights: You can object and delete data anytime

Subscription Data:

• Basis: Contract Performance
• Purpose: Fulfill subscription agreement
• Your Rights: Access, rectify, delete after cancellation

License Validation:

• Basis: Legitimate Interest
• Interest: Prevent subscription fraud and enforce license terms
• Your Rights: Object and request deletion

International Data Transfers

Email Data: Stays on your device (no international transfer)

Subscription Data:

• Paddle: Transfers to EU and US data centers (GDPR-compliant)
• Vercel: Transfers to US data centers and edge locations (GDPR-compliant)
• Keygen: Transfers to US data centers (GDPR-compliant)
• Resend: Transfers to US data centers (GDPR-compliant)

All subprocessors comply with GDPR requirements for international data transfers, including:

• Standard Contractual Clauses (SCCs)
• EU-US Data Privacy Framework participation (where applicable)
• Adequate security measures for data protection

Cookies and Tracking

Desktop App: InboxZebra does not use cookies or tracking technologies.

Website: Our website may use minimal analytics cookies. You can disable cookies in your browser settings.

Telemetry: We send ZERO telemetry from the app. No usage tracking, no crash reports, no analytics.

Your California Privacy Rights (Shine the Light)

California Civil Code Section 1798.83 permits California residents to request information about disclosure of personal information to third parties for direct marketing.

InboxZebra does not:

• Share data for direct marketing purposes
• Sell personal information to third parties
• Use your data for advertising

Summary (TL;DR)

What makes InboxZebra private:

• ✅ All email processing is local (Ollama on your Mac)
• ✅ Zero telemetry or usage tracking
• ✅ Email content never leaves your device
• ✅ Encrypted storage (AES-256-GCM)
• ✅ OAuth tokens in secure Keychain

What we share (only if you subscribe):

• Email address → Paddle (payment processing) → Vercel (webhook processing) → Keygen (license management)
• Hardware UUID → Keygen (for 2-device limit enforcement)
• Payment info → Paddle only (we never see your credit card)
• We never share your email content or email metadata

Our subprocessors:

• Paddle: Payment processing (handles all billing)
• Vercel: Webhook infrastructure (connects Paddle to Keygen)
• Keygen: License management (validates subscriptions)
• Resend: Email delivery (sends license keys to you)

Your rights:

• Export all your data anytime
• Delete your data anytime
• Cancel subscription anytime
• Request deletion from subprocessors

Questions? support@inboxzebra.com

This privacy policy is effective as of January 11, 2026 and applies to all users of InboxZebra.