Privacy Policy
Effective: 6 February 2025
anycast.io UG (haftungsbeschränkt) (hereafter “we,” “us,” or “our”) takes your privacy seriously. To better protect your privacy, we provide this privacy policy notice explaining how your personal information is collected, processed, and used.
1. Who Collects Your Data?
We act as the controller of your personal data when you use our site and services (“Services”). For AI-assisted email classification, we use 2342.ai as our controlled German AI platform layer. 2342.ai is operated from Germany and provides API-compatible access to approved SOTA models with central access, usage, and governance controls.
2. Data We Collect
Account Data
- Profile Information: Name, email address, avatar/profile picture
- Authentication Data: Hashed passwords, confirmation timestamps, two-factor authentication settings (if enabled)
- Access Information: Last sign-in time, IP addresses, browser details
- Account Settings: Marketing email preferences, beta feature access, account status
Organization Data
- Team Information: Organization names, membership roles, join dates
- Usage Metrics: Email processing counts, API usage statistics
Email Processing Data (InboxRobot Feature)
- Email Metadata: Sender addresses, recipients, subject lines, message IDs
- Processing Records: Forwarding actions, spam classifications, timestamps
- Mail Account Settings: IMAP/SMTP configurations (encrypted)
- Note: Email body content is processed transiently and not permanently stored
Activity & System Data
- Activity Logs: User actions within the system (limited to 1000 most recent entries)
- Notifications: System notifications and alerts
- Technical Data: Browser information, timestamps, referring pages for administration
3. Email Processing & Use of AI Services
InboxRobot Email Automation
- Automated Processing: We process emails through IMAP connections according to your configured rules
- Data Retention: Email metadata (sender, subject, timestamps) is retained for accounting and history
- Email Content: Body content is processed transiently for classification but not permanently stored
- Processing Limits: Subject to plan-based limits on number of emails processed per month
- Email History: Processing records retained based on your subscription plan (6-24 months)
AI-Powered Features
- GDPR-compliant by default: Email classification runs through 2342.ai with privacy-safe defaults. There is no user-facing switch that weakens the configured privacy posture.
- Controlled model access: 2342.ai acts as the governed access layer for approved models, with central API access, traceable usage, and German platform operation.
- No permanent email-body storage: Email body content is processed transiently for classification and is not permanently stored by InboxRobot.
4. Cookies and Tracking
Essential Cookies
- Session Management: Authentication and security cookies required for login
- Remember Me: Optional long-term authentication cookie (60 days) if you check “Remember me”
- Language Preference: Stores your selected language (1 year)
Analytics (Privacy-Focused)
- Plausible Analytics: We use Plausible.io for privacy-friendly, cookie-free analytics
- No Personal Data: Plausible collects only aggregated statistics without tracking individual users
- EU-Based: All analytics data is processed and stored within the EU
- No Cookie Consent Required: As Plausible doesn’t use cookies or collect personal data
5. Third-Party Services
We integrate with the following third-party services:
Payment Processing
- Stripe: Handles all payment transactions securely. We do not store credit card details.
- Customer Data: Stripe customer IDs and subscription status are synced with our system
Infrastructure Services
- Email Delivery: Third-party SMTP services for transactional emails
- File Storage: Cloud storage providers for user-uploaded files (avatars, etc.)
Analytics
- Plausible.io: Privacy-focused, GDPR-compliant analytics (no cookies, EU-based)
All third-party services are bound by data processing agreements ensuring GDPR compliance.
6. Links to Third-Party Websites
We include links on this site for reference. We are not responsible for the privacy policies on these external sites.
7. Security
We prioritize the security of your personal data. However, no method of transmission over the internet or electronic storage is 100% secure. We strive to use commercially acceptable means to protect your personal data but cannot guarantee absolute security.
8. Your Data Rights
Under GDPR, you have the following rights:
Access & Portability
- Data Export: Request a complete export of your personal data through your account settings
- Rate Limited: One export request per hour to prevent abuse
- Format: Data provided in human-readable HTML format
Correction & Deletion
- Profile Updates: Edit your information directly in account settings
- Account Deletion: Soft delete (marks account as deleted but retains data for recovery)
- Team Deletion: Hard delete of organization data when team owner deletes the team
- Data Retention: Deleted account data may be retained for legal/tax requirements
Control & Consent
- Marketing Communications: Opt in/out of marketing emails in settings
- Cookie Preferences: Managed through browser settings
- AI Processing: AI-assisted email classification is configured with GDPR-compliant defaults and is not exposed as a weaker user-selectable processing mode
To exercise these rights, contact us at support@inboxrobot.de
9. Data Retention
- Active Accounts: Data retained for duration of service use
- Email History: 6-24 months based on subscription plan, then automatically deleted
- Activity Logs: Limited to 1000 most recent entries
- Deleted Accounts: Soft-deleted, may be retained for legal compliance
- Financial Records: 7 years for tax/accounting requirements (German law)
- Backups: 30-day backup retention for disaster recovery
10. Changes to This Privacy Policy
This Privacy Policy is effective as of the date above and will remain in effect unless we make any future revisions. If material changes occur, we will notify you via email or a prominent notice on our website. Please check back periodically to stay informed of any updates.
11. Data Processing Agreement
For business customers requiring a Data Processing Agreement (DPA) under GDPR Article 28, please contact us to request our standard DPA.
12. Contact Information & Data Protection Officer
For privacy-related questions or to exercise your data rights:
- Email: support@inboxrobot.de
- Controller: anycast.io UG (haftungsbeschränkt)
- Address: Hintere Strasse 125a
Supervisory Authority: You have the right to lodge a complaint with your local data protection authority.