Privacy Policy

1. Who we are

InboxDoc is an AI-powered invoice processing service. We help businesses automatically extract data from PDF invoices received via email. This Privacy Policy explains how we collect, use, and protect your data.

2. What data we collect

• Account data: Your email address and name when you register.
• Email metadata: Sender, subject, and date of emails containing PDF invoices.
• Invoice data: Vendor name, invoice number, amount, date, and currency extracted from PDF attachments.
• OAuth tokens: Access and refresh tokens for Gmail to scan your inbox on your behalf.

3. What we do NOT collect

• We do not read or store the body of your emails.
• We do not access emails without PDF attachments.
• We do not sell your data to third parties.
• We do not store your Gmail password.

4. How we use your data

We use your data solely to provide the InboxDoc service: scanning for PDF invoices, extracting structured data, and displaying it in your dashboard. Invoice data is processed using the Anthropic Claude API under strict data processing terms.

5. Data storage and security

Your data is stored in Supabase (EU region) with row-level security — meaning only you can access your own data. OAuth tokens are encrypted at rest. We use HTTPS for all data transmission.

6. Your rights (GDPR)

If you are based in the EU, you have the right to access, correct, or delete your personal data at any time. To exercise these rights, contact us at privacy@inboxdoc.com.

7. Data retention

We retain your invoice data for as long as your account is active. When you delete your account, all associated data is permanently removed within 30 days.

8. Third-party services

• Anthropic Claude API — used for AI invoice extraction
• Supabase — database and authentication
• Google Gmail API — email access with your explicit consent
• LemonSqueezy — payment processing

9. Contact

For any privacy-related questions: privacy@inboxdoc.com