Privacy Policy

Last updated: March 15, 2026

Inboxi ("we", "our", or "us") operates the inboxi.ai website and the Inboxi platform (the "Service"). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Email address
  • Name (optional)
  • Password (stored as a salted hash — we never store plaintext passwords)

Instagram Account Data

When you connect your Instagram Professional account, we receive and store:

  • Your Instagram username and user ID
  • An OAuth access token (encrypted at rest using AES-256-GCM)
  • The permissions you granted

We use this data solely to operate the automation features you configure, such as sending private reply DMs when someone comments a trigger keyword on your posts.

Comment & Messaging Data

When our webhook receives a comment notification from Instagram, we process:

  • The commenter's username
  • The comment text
  • The comment ID (used to send a private reply)

We log whether a DM was successfully sent, along with the keyword that matched, for your analytics dashboard. We do not store the full content of DMs sent on your behalf beyond what is displayed in your trigger logs.

Payment Information

Payment processing is handled entirely by Stripe. We do not store your credit card number, expiration date, or CVC. We store only your Stripe customer ID and subscription status.

Usage Data

We collect basic usage data such as pages visited, features used, and timestamps of actions. This helps us improve the product.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service (sending automated DMs on your behalf)
  • Process your subscription payments
  • Display analytics and statistics about your automation performance
  • Send you important account-related communications (e.g., token expiration warnings)
  • Improve and develop new features
  • Prevent abuse and enforce our Terms of Service

3. Data Sharing

We do not sell, rent, or trade your personal information. We share data only with:

  • Instagram / Meta — to execute the automations you configure (sending DMs via the Instagram API)
  • Stripe — to process payments
  • Law enforcement — if required by law, subpoena, or court order

4. Data Security

We take security seriously:

  • Instagram access tokens are encrypted at rest using AES-256-GCM
  • Passwords are hashed with bcrypt (12 rounds)
  • All communication is encrypted in transit via TLS/HTTPS
  • Webhook payloads from Meta are validated using SHA-256 HMAC signatures
  • API endpoints are rate-limited to prevent abuse
  • CORS is restricted to our domains only

5. Data Retention

We retain your data for as long as your account is active. If you delete your account or disconnect your Instagram connection, we remove the associated data within 30 days. Comment DM logs are retained for your analytics but can be deleted upon request.

6. Your Rights

You have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data
  • Disconnect your Instagram account at any time from the Automations page
  • Export your data upon request

To exercise any of these rights, contact us at support@inboxi.ai.

7. Instagram Data Deletion

You can request deletion of your Instagram-related data at any time by:

  • Disconnecting your Instagram account from the Automations page in Inboxi
  • Deleting your Inboxi account
  • Submitting a request via Meta's app settings (we have a data deletion callback endpoint that processes these automatically)

8. Cookies

We use minimal cookies:

  • Authentication tokens — stored in localStorage (not cookies) to keep you logged in
  • Essential cookies — for session management and security

We do not use third-party tracking cookies or advertising pixels.

9. Children's Privacy

Our Service is not directed to anyone under the age of 18. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy, contact us at: