Privacy Policy
Effective 2026-07-03
What we process
- Email addresses you submit for verification. We act as a processor: addresses are used to run the verification, cached for up to 72 hours (so your re-verification is free), and retained in request logs for up to 90 days for billing and abuse prevention. They are never sold, shared with third parties for marketing, or used to build lists.
- Account data: your billing email, hashed API keys (we cannot recover raw keys), and a credit ledger. Payments are processed by Stripe or settled on-chain via x402 — we never see card numbers.
- Dashboard: your API key is stored in your own browser's localStorage only; we set no tracking cookies and run no third-party analytics.
Escalated verifications
When a verification result is unknown, the single address may be submitted to a wholesale verification provider to resolve it. The response evidence discloses when this happened.
Your rights
Request deletion of any address or your account data: hello@inboxpolicy.com. We answer within 30 days. EU/UK data subjects: we support access, rectification, and erasure requests under GDPR.
Infrastructure
Servers are located in the EU (Sweden). Transport is TLS end to end.