Legal

Privacy Policy

Last updated: 1 January 2025. This policy explains how InboxQuarry collects, uses, and protects your personal data.

1. Who We Are

InboxQuarry ("we", "us") is an email marketing platform operated by InboxQuarry GmbH, incorporated under German law and headquartered in the European Union. We act as the Data Controller for our customers' personal data (account and billing data) and as a Data Processor for subscriber data sent through our platform.

2. Data We Collect

We collect the minimum data necessary to operate the service:

  • Account data: name, email address, company name, hashed password, and billing information.
  • Usage data: campaign statistics, login timestamps, and IP addresses (retained 7 days).
  • Subscriber data: email addresses and any custom fields you import into the platform on behalf of your subscribers. You remain the data controller for this data.

3. How We Use Your Data

We use your account data to provide the service, send essential communications (billing receipts, service alerts), prevent fraud, and comply with legal obligations. We do not use your data for advertising. We do not sell your data to any third party.

4. Your Subscribers' Data

As a InboxQuarry customer, you are the data controller for your subscribers' personal data. You are responsible for ensuring you have a valid legal basis (e.g., explicit consent) for sending marketing emails. InboxQuarry processes this data only on your instructions as a data processor, under a Data Processing Agreement (DPA) available on request.

5. Storage & Security

All data is stored on EU-based, ISO 27001 certified servers. We use AES-256 encryption at rest and TLS 1.3 in transit. Access to production data is restricted to authorised engineers with two-factor authentication.

6. Cookies

We use essential cookies for session authentication and security. We use minimal, first-party analytics cookies to improve the product. We do not use third-party advertising or tracking cookies. You can opt out of analytics cookies in your account settings.

7. Third Parties

We share data with third parties only when necessary: EU-based infrastructure providers (bound by data processing agreements) and our payment processor (PCI-DSS compliant). We do not share data with advertising networks.

8. Your GDPR Rights

You have the right to access, rectify, erase, port, restrict processing of, and object to processing of your personal data. To exercise these rights, email privacy@inboxquarry.com. We will respond within 30 days.

9. Data Retention

We retain your data for as long as your account is active. On account deletion, your data is purged within 30 days. Billing records are retained for 7 years as required by EU tax law.

10. Policy Changes

We will notify you by email 30 days before any material changes to this policy. The "Last updated" date reflects the most recent revision.

Questions? Contact privacy@inboxquarry.com.