Built for enterprise procurement
Everything your InfoSec team needs in one page: current certifications status, sub-processor snapshot, downloadable legal artefacts, and a direct procurement contact. We don’t claim certifications we don’t hold - programmes in progress are flagged honestly.
Programme status
Targeted dates are best-effort, not commitments.GDPR
LivePublic DPA, sub-processor list, in-app DSAR tooling, EU-pinned analytics.
AI no-training contracts
LiveOpenAI + Anthropic API / Commercial Terms - customer content is not used to train models.
OpenAI Zero Data Retention
In progressApplication submitted; removes the default 30-day prompt retention window.
Google CASA Tier 2
In progressRequired for Gmail restricted scopes at scale.
SOC 2 Type I
PlannedTargeted within the next two quarters. Controls in build-out with a GRC platform.
SOC 2 Type II
PlannedFollows Type I after a 6-12 month observation window.
ISO 27001
PlannedTargeted alongside SOC 2 Type II for EU enterprise procurement.
Documents & resources
Linkable, shareable. Each artefact is the canonical version - send these URLs directly to your legal or security review.
Data Processing Agreement (DPA)
Standard Art. 28 GDPR DPA, incorporated by reference into Inboxer's Terms of Service. Available as a web page; counter-signed copies on request.
Privacy policy
Full description of data categories, legal bases (Art. 6 GDPR), retention, data subject rights, and contact paths.
Security overview
Technical and organisational measures: OAuth-only access, encryption, audit visibility, user data controls.
Sub-processor list (JSON)
Machine-readable feed of all sub-processors, including data categories, locations and transfer mechanisms. Subscribe by polling this endpoint.
Terms of service
Standard commercial terms governing use of Inboxer.
Sub-processors snapshot
We share data with the 9 sub-processors below, each bound by a DPA under Art. 28 GDPR. The full table with data categories and transfer mechanisms is on Privacy. Machine-readable feed at /api/v1/sub-processors.
Last updated: 2026-05-16
- Clerk - Authentication, session management, organisation membership.
- Stripe - Billing, subscription management, payment processing.
- OpenAI - AI classification, drafting, summarisation, embeddings.
- Anthropic - AI classification, drafting, summarisation.
- Recall.ai - Meeting bot ingest of transcripts.
- Inngest - Background job orchestration. Event payloads carry only IDs.
- PostHog - Product analytics, in-app event tracking.
- Google (Gmail, Calendar) - Mailbox and calendar access via OAuth, at user direction.
- Microsoft (Graph, Outlook, Microsoft 365) - Mailbox and calendar access via OAuth, at user direction.
Procurement & security review
Need a security questionnaire (SIG / CAIQ), a custom DPA, regional data residency commitments, or a vendor onboarding packet? Email us - we typically respond within one business day.