Sub-processors
Third parties that process limited InboxBridge data on our behalf. Each is bound by their own contractual confidentiality and security obligations. We update this page when our list changes and notify paid customers at least 30 days before any new sub-processor handles their data.
DigitalOcean, LLC
Privacy policy ↗- Purpose
- Application hosting + managed encrypted database storage.
- Data accessed
- All InboxBridge data at rest (encrypted), including your encrypted OAuth tokens, account metadata, audit log. No plaintext email content (the application does not store it).
- Location
- United States
Google LLC
Privacy policy ↗- Purpose
- Gmail API access via OAuth 2.0 (for users who connect a Gmail account). Also Google Sign-In (non-sensitive scopes only) for InboxBridge authentication.
- Data accessed
- Your Google profile (email, display name) and — only if you connect a Gmail account — gmail.modify access to that mailbox under the Limited Use policy.
- Location
- United States
Microsoft Corporation
Privacy policy ↗- Purpose
- Microsoft Graph access for users who connect an Outlook / Microsoft 365 / live.com / hotmail.com account.
- Data accessed
- Your Microsoft profile (email, display name) and Mail.ReadWrite / Mail.Send access to the connected mailbox under the user-granted OAuth consent.
- Location
- United States
Stripe, Inc.
Privacy policy ↗- Purpose
- Payment processing and subscription billing. Used only by paid customers.
- Data accessed
- Your email + name for receipt purposes, billing address you provide at checkout, and full payment instrument (Stripe never returns the full PAN to us). We never see or store your full credit card number.
- Location
- United States
Resend, Inc.
Privacy policy ↗- Purpose
- Transactional email delivery: magic-link sign-in, whitelist notifications, account-event emails. No marketing email.
- Data accessed
- Your InboxBridge sign-in email and the body of the transactional emails we send to you.
- Location
- United States
GitHub, Inc.
Privacy policy ↗- Purpose
- Source code hosting + automated deploy CI. Does not handle production data.
- Data accessed
- No customer data. Listed for completeness because the deploy pipeline runs through GitHub Actions.
- Location
- United States
Notification policy
For paid customers (Pro, Team), we provide at least 30 days’ notice before any new sub-processor is added to this list. You can object by contacting privacy@inboxbridge.app; if we can’t accommodate the objection, you may terminate your subscription and receive a pro-rated refund.