GDPR Compliance

Effective Date: September 21, 2025

InboxSure is committed to handling personal data in line with the EU General Data Protection Regulation (GDPR). This page summarizes how we comply, the lawful basis on which we process data, and the rights you have as a data subject. For the full picture, read our Privacy Policy.

1. Roles

For account holders, InboxSure acts as a data controller for your account information (name, email, billing).

For email addresses you submit for verification, InboxSure acts as a data processor on your behalf — you remain the controller of those addresses and are responsible for the lawful basis on which they were collected.

2. Lawful basis for processing

  • Contract: we process your account data to provide the verification service you signed up for.
  • Legitimate interest: for analytics, fraud prevention, and to keep the service secure and operational.
  • Consent: for any marketing communications you opt into.
  • Legal obligation: when required to retain data for tax, accounting, or compliance reasons.

3. Data minimization

We process only what we need to verify your emails and run your account. Email addresses submitted for verification are processed in memory and not retained long-term unless you explicitly opt into list management features.

4. Security

  • TLS 1.2+ for all data in transit.
  • AES-256 encryption at rest.
  • Role-based access controls and audit logging on production systems.
  • Regular dependency and security reviews.

5. Your rights

Under GDPR you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request erasure (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability — export your data in a portable format.
  • Withdraw consent at any time, where consent is the lawful basis.
  • Lodge a complaint with your local supervisory authority.

To exercise any of these rights, email ask@inboxsure.io. We aim to respond within 30 days.

6. Data Processing Agreement

If you require a Data Processing Agreement (DPA) for your use of InboxSure, contact us at ask@inboxsure.io and we'll send a standard DPA for signature.

7. International transfers

Where personal data is transferred outside the EU/EEA, we rely on appropriate safeguards such as Standard Contractual Clauses to protect your information.

8. Contact

For any GDPR-related questions, contact ask@inboxsure.io.