Privacy Policy

This Privacy Policy explains how Limited Liability Company "CONTEXTA" Cetinje, officially registered as DRUŠTVO SA OGRANIČENOM ODGOVORNOŠĆU "CONTEXTA" CETINJE, short company name CONTEXTA DOO ("CONTEXTA", "we", "us", or "our"), processes personal data in connection with the inbox2api website, dashboard, APIs, hosted email ingestion infrastructure, and related support and billing operations.

1. Controller Information

Controller: Limited Liability Company "CONTEXTA" Cetinje / CONTEXTA DOO

Address: B.C.J BB, Cetinje, Montenegro

Email: [email protected]

Phone: +382 068 593 925

Website: https://inbox2api.com

2. Scope

This Privacy Policy applies to personal data processed in connection with our public website, user accounts, checkout-related communications, customer support, cloud-hosted inbox2api services, and related business operations. It does not replace any separate data processing agreement that may apply between us and a customer acting as a controller.

3. Categories of Personal Data We Process

Depending on how you use the Service, we may process the following categories of personal data:

• account data, such as name, email address, password hash, login activity, and profile details;
• company and billing details, such as organization name, billing contact details, country, and order metadata;
• mailbox connection data, such as mailbox login identifiers, encrypted credentials, IMAP configuration, and mailbox settings;
• email content data, such as sender and recipient fields, subject lines, message bodies, signatures, timestamps, and extracted structured fields;
• attachment-related data, such as file names, MIME types, sizes, storage keys, metadata, and hosted file URLs;
• webhook and integration data, such as destination URLs, custom headers, delivery logs, response status codes, retry outcomes, and message identifiers;
• AI-processing inputs and outputs, if you enable optional AI features;
• usage, device, and diagnostic data, such as IP addresses, browser details, logs, analytics, and security events; and
• support and communication data, such as messages, tickets, feedback, and call or email history.

4. How We Collect Data

We collect personal data:

• directly from you when you create an account, configure a mailbox, contact support, or submit forms;
• from your use of the Service, including webhook delivery, logs, authentication flows, and diagnostics;
• from connected mailbox providers and other integrations that you authorize us to access;
• from payment and order partners such as Paddle, to the extent needed for order management, compliance, and support; and
• from service providers that support hosting, storage, security, analytics, communications, and infrastructure operations.

5. Purposes of Processing

We process personal data to:

• provide, operate, maintain, and secure inbox2api;
• authenticate users and manage accounts and workspace access;
• connect mailboxes, retrieve email content, normalize messages, host attachments, and deliver webhook payloads;
• provide optional AI-powered extraction and classification features that you enable;
• monitor service quality, reliability, abuse, fraud, and technical errors;
• process orders, billing events, account credits, refunds, and support requests;
• communicate with you about service updates, incidents, policy changes, and legal notices; and
• comply with legal, regulatory, tax, accounting, and enforcement obligations.

6. Legal Bases

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

• performance of a contract, including provisioning the Service and fulfilling your requests;
• legitimate interests, including securing the Service, improving reliability, preventing abuse, and handling support;
• compliance with legal obligations, including tax, accounting, fraud-prevention, and regulatory duties; and
• consent, where required by law or where you choose to enable specific features or communications.

7. Payments and Paddle

We do not store or process your full payment card details. Our order process is conducted by our online reseller Paddle.com. Paddle.com is the Merchant of Record for all our orders and processes buyer payment information in accordance with its own legal terms and privacy notices.

We may receive limited transaction and customer information from Paddle, such as order identifiers, billing status, country, VAT-related information, subscription or transaction status, and support-related details, as needed to provide the Service, comply with law, and handle customer support.

8. Sharing of Personal Data

We may share personal data with:

• hosting, cloud, storage, networking, logging, and monitoring providers;
• payment, tax, and compliance partners, including Paddle;
• email, messaging, and customer support providers;
• AI and processing subprocessors where you enable optional AI workflows;
• professional advisers, auditors, insurers, and legal counsel where necessary; and
• courts, regulators, law enforcement, or counterparties where disclosure is required by law or necessary to protect rights and safety.

9. International Transfers

Your personal data may be processed in countries outside your own jurisdiction, including countries that may not provide the same level of legal protection. Where required, we take appropriate steps to safeguard such transfers, including contractual protections, technical measures, and vendor due diligence.

10. Data Retention

We retain personal data for as long as necessary for the purposes described in this Privacy Policy, including to provide the Service, maintain security and operational records, comply with legal obligations, resolve disputes, and enforce agreements.

Retention periods may vary by data type. For example, account records, billing records, support history, security logs, email payloads, and hosted attachments may be retained for different periods depending on your configuration, legal obligations, incident response needs, and the technical design of the Service.

11. Security

We use administrative, technical, and organizational measures designed to protect personal data. These may include encryption of stored credentials, access controls, authentication safeguards, logging, service monitoring, and infrastructure protections. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

12. Your Rights

Depending on applicable law, you may have the right to:

• request access to personal data we hold about you;
• request correction of inaccurate or incomplete data;
• request deletion of personal data in certain circumstances;
• object to or restrict certain processing;
• request portability of personal data where applicable;
• withdraw consent where processing is based on consent; and
• lodge a complaint with a competent supervisory authority.

To exercise your rights, contact us at [email protected]. We may need to verify your identity before responding.

13. Customer Role and Third-Party Data

If you use the Service to process mailbox data, email content, contacts, or other third-party information, you are responsible for ensuring that you have an appropriate legal basis and all required notices, permissions, and internal approvals for that processing.

In some contexts, we act as an independent controller for account, billing, security, and support data. In other contexts, we may process customer-submitted data on behalf of the customer for service-delivery purposes.

14. Children's Data

The Service is intended for business and professional use and is not directed to children. We do not knowingly collect personal data from children in a manner that requires parental consent under applicable law.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version becomes effective when posted on this page unless a later effective date is stated.

16. Contact

For privacy questions or requests, contact [email protected] or +382 068 593 925.