Publisher: Kingmaker Analytics LLC
This page describes how personal data is processed in connection with Inbox Maid and lists the third parties (“sub-processors”) that may process data on our behalf or at your direction. It supplements our Privacy Policy and About GDPR page.
1. Roles
Inbox Maid is a local-first desktop application, so processing is split:
- Your mailbox content. You decide what to process and when. Reading happens on your device, and AI requests go directly from your device to OpenAI using your own API key. We do not host, mirror, or store your mailbox.
- License, purchase, website, and support data. Kingmaker Analytics LLC acts as the controller for this limited set of data.
2. Sub-processors
| Sub-processor | Purpose | Data involved | Region |
|---|---|---|---|
| Google LLC | Gmail API access that you authorize and initiate from the app | Message content and metadata, OAuth tokens (stored on your device) | United States / global |
| OpenAI | AI classification using your own API key, sent directly from your device | Message content per your chosen privacy level | United States |
| Lemon Squeezy | Checkout, payment processing, and license keys (when purchasing is enabled) | Purchaser email, order and license data | United States / EU |
| Web3Forms | Handling contact and early-access form submissions | Name, email, topic, message | Global |
| Hosting provider (e.g., Vercel) | Serving inboxmaid.com | Standard server logs (IP address, request metadata) | United States / global |
We review sub-processors before engaging them and require appropriate confidentiality and security commitments. We may update this list as our services change; material changes will be reflected by an updated effective date.
3. Google and OpenAI
Google API data is handled in accordance with the Google API Services User Data Policy, including the Limited Use requirements. We do not use Google Workspace API data for advertising or to train generalized AI models. AI processing through OpenAI is performed under your own OpenAI account and key and is governed by OpenAI’s terms.
4. International transfers
Where personal data is transferred outside the EEA or UK, the providers above rely on appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms.
5. Security
We use reasonable technical and organizational measures appropriate to the limited data we hold, including encrypted credential storage on the user’s device (Windows Credential Manager) and transport encryption (HTTPS) for website and checkout traffic. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
6. Data Processing Agreement
Business customers who require a signed Data Processing Agreement (DPA) for their use of Inbox Maid may request one by emailing support@kingmakeranalytics.com.
7. Changes
We may update this page. The effective date above will change when we do.