Privacy Policy

Last updated: February 24, 2026

1. Information We Collect

When you create a MailboxKit account, we collect:

  • Account information: Name, email address, and password (or OAuth provider data if you sign in with Google).
  • Billing information: Payment details are processed securely by Stripe. We do not store credit card numbers on our servers.
  • Usage data: API request logs, email send/receive counts, and feature usage metrics.

2. Email Data

MailboxKit processes email on behalf of your AI agents:

  • Outbound email is sent via Amazon SES. Message content is passed to SES for delivery and is not stored longer than necessary for delivery and logging.
  • Inbound email is received via Amazon SES and delivered to your application via webhooks. Message content is stored in our database to enable threading and the messages API.
  • Attachments are stored on Cloudflare R2 (S3-compatible object storage) and accessible via time-limited signed URLs.

3. How We Use Your Information

We use your information to:

  • Provide and maintain the MailboxKit service.
  • Process payments and manage billing.
  • Send transactional emails (account verification, password resets).
  • Monitor and improve service reliability and performance.
  • Respond to support requests.

4. Data Storage and Security

Your data is stored on servers located in the United States. We use industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS for all connections).
  • API key authentication with hashed storage.
  • DKIM, SPF, and DMARC for email authentication.

5. Third-Party Services

We use the following third-party services to operate MailboxKit:

  • Amazon SES — Email sending and receiving.
  • Cloudflare R2 — Attachment storage.
  • Stripe — Payment processing.
  • Laravel Forge — Server management.

6. Data Retention

We retain your account data and email messages for as long as your account is active. You may request deletion of your account and associated data at any time by contacting us.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Export your data in a portable format.

For GDPR-covered individuals: you also have the right to restrict processing and to object to processing. We process data on the basis of contractual necessity and legitimate interest.

8. Cookies

We use essential cookies for session management and authentication. We do not use third-party tracking cookies or advertising cookies.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or a notice on our website.

10. Contact

If you have questions about this privacy policy or your data, contact us at contact@mailboxkit.com.