Read-only, always
We connect through Unipile's hosted OAuth with read scope only. We can read messages — never send, reply, move, or delete. You never share your password with us.
Bodies are discarded
We read sender, subject, and a snippet to classify a message. The snippet is erased the instant that message is classified, and full message bodies are never persisted.
Automatic disconnect
After each scan's report is ready, we instruct Unipile to delete the mailbox connection. We reconnect read-only only when you start your next scan.
Never used to train AI
Your mailbox data is never used to train, fine-tune, or evaluate any machine-learning model — ours or a provider's.
EU & GDPR
The Service is operated by Bluebry Oy in Finland. Our database is hosted in the EU and we process personal data under the GDPR.
Grounded, not guessed
Every lead cites the actual lines from your email that justify it. The model is instructed never to invent quotes, so you can verify each suggestion.
From connect to disconnect.
- 01
You connect, read-only
You authorize a read-only connection through Unipile's SOC 2 Type II hosted auth. Inboxella never sees your password and has no write access.
- 02
We filter before we read
A deterministic, on-our-servers filter discards bulk senders, newsletters, and automation up front — so only plausible human conversations go further.
- 03
Only snippets reach the model
For the survivors, just the sender, subject, and a short snippet are sent to OpenAI for classification. Full bodies never leave our scan.
- 04
We keep the lead, drop the rest
We store a small lead record (name, email, why it's warm, a draft reply). Snippets are erased on classification and remaining email data is deleted when the report is built.
- 05
Your mailbox disconnects
With the report ready, the mailbox connection is deleted at Unipile automatically. Nothing stays connected.
What we never do.
- Send, reply to, move, or delete any message in your mailbox.
- Store full message bodies.
- Use your data to train or improve any AI model.
- Sell, rent, or share your data for advertising.
- Set analytics, advertising, or third-party tracking cookies.
- Ask for or store your email password.
Everyone who touches your data.
These are the only third parties we share data with, each under a written data-processing agreement. Where data leaves the EEA, we rely on the EU Standard Contractual Clauses.
| Provider | Location | Purpose | What it receives |
|---|---|---|---|
| Unipile SAS | France (EU) | Read-only mailbox connection (SOC 2 Type II) | Message metadata and snippets during the scan |
| OpenAI, OpenCo LLC | United States | Classifies which messages are warm leads | Sender, subject, and short snippet (no full bodies) |
| Stripe Payments Europe, Ltd. | Ireland (EU) | Processes recurring subscription payments | Checkout email; card details never reach us |
| Resend (Plus Five Five, Inc.) | United States | Sends transactional emails (welcome, magic link) | Recipient email address |
| Vercel Inc. | United States | Application hosting and daily maintenance jobs | Application traffic and stored audit data |
| EU-hosted database | European Union | Stores audits and extracted lead records | Lead records and audit metadata |
We do not sell or rent your data, and we never share it for advertising.
How long anything lives.
Deletion is enforced automatically by a daily job — not just a promise on paper.
- Full message bodies
- Never stored
- Message snippets
- Erased the instant a message is classified
- Mailbox connection
- Deleted automatically after each scan
- Lead records & the audit
- Until you delete them, or 90 days of inactivity
- Salted, hashed IP address
- Cleared after 30 days
- Aggregate, anonymized metrics
- Retained — they identify no one
Delete everything, any time.
One click on the report screen wipes the audit, every extracted lead, and disconnects your mailbox. You can also exercise your full GDPR rights — access, correction, erasure, portability — by emailing us, and we'll respond within one month.