Our Commitment to Security and Privacy

At InboxAct, your data security and privacy are not just features—they're fundamental principles that guide everything we do.

Data Security Measures

Encryption at Every Level

TLS 1.3 for all data transmission

AES-256 encryption for data at rest

End-to-end encryption for sensitive operations

Access Controls

OAuth 2.0 for secure account connections

Minimal permissions - we only request what we need

Token rotation for enhanced security

Infrastructure Security

SOC 2 Type II compliant hosting

Regular security audits by third-party experts

24/7 monitoring and threat detection

Privacy-First Approach

Data Minimization

We only process data necessary for functionality:

Email metadata for task creation

Message content temporarily for AI processing

No permanent storage of email content

Transparency

Clear consent for all data processing

Detailed privacy policy in plain language

Regular updates on any changes

User Control

Easy account deletion removes all data

Granular permissions for different features

Data export available on request

Compliance and Certifications

GDPR compliant for European users

CCPA compliant for California residents

SOC 2 Type II for operational security

ISO 27001 certification in progress

Third-Party Integrations

Gmail Security

Uses Google's official APIs

Follows Google's security best practices

Regular OAuth token validation

Todoist Security

Official Todoist integration partner

Encrypted API communications

Minimal data sharing

Incident Response

In the unlikely event of a security incident:

Immediate containment and investigation

Transparent communication within 72 hours

Full remediation and prevention measures

Questions About Security?

We're happy to discuss our security practices. Contact our security team for detailed information.

Your trust is our most valuable asset. Start your secure journey with InboxAct today.