Privacy Policy

Last updated: May 24, 2026

1. Introduction

CatchInbox ("we," "our," or "us") operates the website catchinbox.com and the CatchInbox application (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. By using CatchInbox, you agree to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account information: Email address when you sign up.
  • Profile information: Role or profession you select during onboarding.
  • Payment information: Credit card details when you subscribe. Payment processing is handled entirely by Stripe, Inc. We do not store your full credit card number on our servers.

2.2 Information from Third-Party Services

  • Gmail: When you connect your Gmail account, we access your email via the Gmail API with read-only permission. We analyze email content to generate AI summaries and score relevance. Email body content is processed transiently and never stored in our database. Only AI-generated summaries and metadata (sender, subject, timestamp) are retained.
  • Slack: When you connect Slack, we obtain your Slack user ID and workspace information. We send alert messages to you via Slack DM. We do not read your Slack messages or access channels beyond what is necessary to deliver alerts.

2.3 Automatically Collected Information

  • Usage data (pages visited, features used, timestamps)
  • Device and browser information
  • Log data (IP address, request headers for debugging and security)

3. How We Use Your Information

  • To provide and maintain the Service, including email analysis and Slack alerts
  • To create and manage your account and subscription
  • To process payments via Stripe
  • To communicate with you about your account, subscription, and Service updates
  • To improve our AI models and the quality of opportunity detection
  • To monitor usage patterns and prevent fraud or abuse
  • To comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We share data only with:

  • Stripe: To process payments and manage subscriptions. Stripe processes your payment data under its own privacy policy.
  • Google (Gmail API): To access your email for analysis purposes as authorized by you, under read-only permissions.
  • Slack: To deliver alert notifications as authorized by you.
  • AI Service Providers: We use third-party AI models (such as DeepSeek) to analyze email content. Email data sent to AI providers is processed transiently and not used for model training where this option is available.
  • Service Providers: Hosting (Vercel), database (Supabase), and other infrastructure providers who process data on our behalf under data processing agreements.
  • Legal Requirements: When required by law, regulation, or legal process.

5. Email Data Handling

Email analysis is central to how CatchInbox works. We want to be transparent about how your email data is handled:

  • Limited access: We use Gmail API with read-only permission. We can read your emails for analysis but cannot send emails, modify labels, or delete emails on your behalf.
  • Analysis only, no storage: Email body content is processed transiently in real time to generate scores, summaries, and intent classification. Body content is never stored in our database. Only AI-generated metadata (sender, subject, timestamp), scores, summaries, and intent labels are retained.
  • AI processing: Email content is sent to our AI provider for analysis. We use API configurations that minimize data retention and opt out of model training where available.
  • Retention: Email metadata and AI summaries are retained for the duration of your subscription. Upon account deletion, all email-related data is permanently deleted within 30 days.
  • Revocable access: You can revoke Gmail access at any time from your Google Account settings. Revoking access stops all email analysis immediately.

6. Data Security

We implement industry-standard security measures to protect your data:

  • All data in transit is encrypted via TLS/HTTPS
  • Gmail and Slack tokens are stored securely in our access-controlled database
  • Access to production systems is restricted and logged
  • Database access is restricted to server-side service components with user-scoped authorization checks
  • Payment data is handled exclusively by Stripe (PCI DSS compliant)

No system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Data Retention

  • Active accounts: Data is retained for the duration of your subscription.
  • Canceled subscriptions: Your data is retained for 30 days after cancellation in case you wish to reactivate. After 30 days, all data is deleted.
  • Account deletion: You may request full account deletion at any time. All personal data will be permanently deleted within 30 days.
  • Backup copies: Residual copies may exist in backup systems for up to 60 days after deletion.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your personal data
  • Object to or restrict processing of your personal data
  • Data portability — receive your data in a structured format
  • Withdraw consent at any time (which may affect Service functionality)

To exercise any of these rights, contact us at privacy@catchinbox.com.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including Standard Contractual Clauses where required, to protect your data during international transfers.

10. Children's Privacy

CatchInbox is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

  • Email: privacy@catchinbox.com
  • Website: https://catchinbox.com
← Back to CatchInbox