Privacy Policy | Shadow Inbox

1. Introduction

Shadow Inbox ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered lead generation service.

By using Shadow Inbox, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Personal Information

We collect the following personal information when you create an account:

Email Address: Used for authentication, account notifications, and lead alerts.
Password: Securely stored via Supabase Auth (we never store plaintext passwords).
Business Information: Your business description and target keywords to provide our lead generation service.

2.2 Usage Data

We collect information about how you interact with our service, including:

Credit usage and consumption patterns
Leads unlocked and generated
Feature usage statistics

2.3 Publicly Available Data (Leads)

To provide our service, our systems aggregate publicly available business and professional contact information from the web. We process this data under the basis of legitimate interest to help businesses connect.

We strictly index publicly accessible URLs and their associated public text content. We expressly do not scrape, store, or distribute personally identifiable information (PII) such as usernames, account handles, email addresses, or private communications from third-party platforms.

If you are a lead and wish to have your data removed from our systems, please contact us at: support@shadowinbox.io

3. How We Use Your Information

We use your information for the following purposes:

Authentication: To verify your identity and secure your account
Service Provision: To provide AI-powered lead generation and matching
Billing: To process payments and manage your subscription
Communications: To send lead alerts, updates, and support messages
Improvement: To analyze usage patterns and improve our service

4. Third-Party Services

We use the following third-party services to operate Shadow Inbox:

Supabase: For authentication and database services. Your data is stored in Supabase's secure infrastructure.
Stripe: For payment processing. We do not store your credit card information.
DeepSeek: For AI-generated lead summaries and outreach message generation. Lead content is processed by DeepSeek's API.
Vercel: For hosting our web application.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information:

All data is encrypted in transit using HTTPS/TLS
Database connections are secured and authenticated
We use Row Level Security (RLS) policies to ensure users can only access their own data
Regular security audits and updates

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with our services. You can request deletion of your account and associated data at any time through the Settings page.

7. Your Rights

You have the right to:

Access your personal data
Correct inaccurate data
Request deletion of your data
Export your data
Opt-out of non-essential communications

8. GDPR Compliance and Data Roles

Under the General Data Protection Regulation (GDPR), we act as the Data Controller for the personal information you provide to create an account.

For any third-party public data indexed by our service, we process this under the basis of Legitimate Interest.

We do not sell your personal data.

9. Cookies and Tracking

We use essential cookies to keep you logged in and maintain your session. These cookies are necessary for the Service to function properly and cannot be disabled.

We do not use tracking cookies for advertising purposes or share your browsing data with third-party advertisers.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at: support@shadowinbox.io