When you create an account we collect your email address and password (stored as a bcrypt hash). When you run a subscription job we collect the target email address and job configuration. We also collect basic usage data such as subscription counts and timestamps.
We use your information solely to provide the InboxFlood service:
We do not sell your data to third parties. We do not use your data for advertising.
Your data is stored in Supabase, a hosted database service. Passwords are hashed with bcrypt (salt factor 12) — we never store plaintext passwords. Access tokens expire after 15 minutes. All connections to our API are encrypted via HTTPS.
Email addresses you provide as subscription targets are used only to run those jobs. We do not store them beyond what is necessary to log your job history. We do not send marketing email to target addresses.
We use session storage (not cookies) to maintain your login session in the browser. This data is cleared when you close your browser tab. We do not use tracking cookies or third-party analytics.
Your account data is retained for as long as your account is active. You may delete your account at any time from the dashboard. Upon deletion, your personal data is permanently removed from our systems within 7 days.
We use the following third-party services:
You may access, correct, or delete your personal data at any time via your dashboard. For other requests, contact us at privacy@inboxflood.com.
Significant changes will be notified via email. Continued use after changes constitutes acceptance.
Questions: privacy@inboxflood.com