Skip to content
Inbox OSS

Legal

Privacy Policy

This Privacy Policy describes how Inbox OSS (One Source Soft, Inc.) collects, uses, and shares personal information about you when you use our website, products, and services.

Last updated: May 1, 2026

Information we collect

We collect information you provide directly (name, email, billing address, organization), information automatically collected when you use our services (IP address, browser type, usage logs), and information from third parties (OAuth identity providers, payment processors).

We do not sell personal information. We do not share personal information with advertisers.

How we use information

We use personal information to provide, maintain, and improve our services; to communicate with you about your account; to comply with legal obligations; and to detect and prevent fraud and abuse.

We do not use the contents of email messages you send through our platform for any purpose other than delivery, deliverability analysis, abuse prevention, and statutory compliance.

Sharing and disclosure

We share information only with: (a) subprocessors listed in our subprocessor registry; (b) law enforcement when legally compelled and where we have exhausted reasonable challenges; (c) successors in the event of merger or acquisition with prior notice.

We publish a full subprocessor registry at /legal/subprocessors and notify customers 30 days before adding any new subprocessor.

International transfers

Inbox OSS is incorporated in the United States. EU/UK customer data may be processed in the EU under our standard EU region offering. Cross-border transfers rely on Standard Contractual Clauses where required.

Data retention

Account data is retained for the life of your account plus 90 days. Email events are retained for 30 days in hot storage and 13 months in cold storage unless you configure a shorter window. Suppression entries are retained indefinitely unless you delete them.

Your rights

You can access, correct, export, or delete your personal information from your account settings. EU/UK users have additional rights under GDPR. California residents have rights under CCPA. To exercise any right, contact privacy@inbox.onesourcesoft.com.

Cookies

We use first-party cookies for authentication, session management, and aggregate analytics. We do not use cross-site advertising cookies. See /legal/cookies for the full list.

Children

Our services are not directed at children under 16. If you believe we have collected information from a child, contact us and we will delete it.

Changes to this policy

We will notify you by email at least 30 days before material changes take effect.

Contact us

Questions about this policy? Email privacy@inbox.onesourcesoft.com. Our Data Protection Officer can be reached at the same address.