Inbox Assistant
 Back to site

Trust Center

Built for the most private inbox you own.

Last updated May 10, 2026

Email is the most sensitive data layer in your life. Passwords, contracts, medical records, family conversations. We treat every message like it could be any of those — because it could be.

Privacy Policy

What we collect, why, and how long we keep it.

Terms of Service

The contract between you and Inbox Assistant.

Data Processing Agreement

GDPR Article 28 DPA for business customers.

AI Transparency

What our AI does — and what it never does.

Security

Encryption, access controls, breach response.

GDPR & Your Rights

Export, delete, object, restrict — all in one click.

Our core commitments

  • We never train AI on your email content. Ever. Not aggregated, not anonymized, not for "improvements".
  • Humans don't read your email. Engineers cannot access message bodies. Support sees only metadata you explicitly share in a ticket.
  • Data lives in the EU. Frankfurt (primary) and Stockholm (backup), encrypted at rest with AES-256 and in transit with TLS 1.3.
  • You can delete everything in one click. Account deletion purges all email content, summaries, and embeddings within 24 hours.
  • 72-hour breach notification. If anything goes wrong, you and the relevant supervisory authority hear from us within 72 hours.

Compliance

  • GDPR (EU 2016/679)
  • UK GDPR & Data Protection Act 2018
  • Swiss FADP
  • SOC 2 Type II — audit in progress (target: Q4 2026)
  • ISO 27001 — roadmap 2027
Questions? Email cardimattos@gmail.com. Operated by Cardim IT AB (org. nr. 559278-1453), Göteborg, Sweden.