Built for enterprise procurement
Everything your InfoSec team needs in one page: current certifications status, sub-processor snapshot, downloadable legal artefacts, and a direct procurement contact. We don’t claim certifications we don’t hold — programmes in progress are flagged honestly.
Programme status
Targeted dates are best-effort, not commitments.GDPR
LivePublic DPA, sub-processor list, in-app DSAR tooling, EU-pinned analytics.
AI no-training contracts
LiveOpenAI + Anthropic API / Commercial Terms — customer content is not used to train models.
OpenAI Zero Data Retention
In progressApplication submitted; removes the default 30-day prompt retention window.
Google CASA Tier 2
In progressRequired for Gmail restricted scopes at scale.
SOC 2 Type I
PlannedTargeted within the next two quarters. Controls in build-out with a GRC platform.
SOC 2 Type II
PlannedFollows Type I after a 6-12 month observation window.
ISO 27001
PlannedTargeted alongside SOC 2 Type II for EU enterprise procurement.
Documents & resources
Linkable, shareable. Each artefact is the canonical version — send these URLs directly to your legal or security review.
Data Processing Agreement (DPA)
Standard Art. 28 GDPR DPA, incorporated by reference into Inboxer's Terms of Service. Available as a web page; counter-signed copies on request.
Privacy policy
Full description of data categories, legal bases (Art. 6 GDPR), retention, data subject rights, and contact paths.
Security overview
Technical and organisational measures: OAuth-only access, encryption, audit visibility, user data controls.
Sub-processor list (JSON)
Machine-readable feed of all sub-processors, including data categories, locations and transfer mechanisms. Subscribe by polling this endpoint.
Terms of service
Standard commercial terms governing use of Inboxer.
Sub-processors snapshot
We share data with the 9 sub-processors below, each bound by a DPA under Art. 28 GDPR. The full table with data categories and transfer mechanisms is on Privacy. Machine-readable feed at /api/v1/sub-processors.
Last updated: 2026-05-16
- Clerk — Authentication, session management, organisation membership.
- Stripe — Billing, subscription management, payment processing.
- OpenAI — AI classification, drafting, summarisation, embeddings.
- Anthropic — AI classification, drafting, summarisation.
- Recall.ai — Meeting bot ingest of transcripts.
- Inngest — Background job orchestration. Event payloads carry only IDs.
- PostHog — Product analytics, in-app event tracking.
- Google (Gmail, Calendar) — Mailbox and calendar access via OAuth, at user direction.
- Microsoft (Graph, Outlook, Microsoft 365) — Mailbox and calendar access via OAuth, at user direction.
Procurement & security review
Need a security questionnaire (SIG / CAIQ), a custom DPA, regional data residency commitments, or a vendor onboarding packet? Email us — we typically respond within one business day.