Privacy Policy
Last updated: 2026-04-18
This Privacy Policy describes how Dini Labs Pty Ltd (ABN 87 691 095 477) (“Dini Labs”, “we”, “us”, or “our”) handles personal information in connection with InboxAPI.
InboxAPI is a programmable email infrastructure service for developers, businesses, and software operators, including those using AI agents. This policy explains how we collect, hold, use, and disclose personal information when we provide and operate the Service.
1. Scope
This Privacy Policy applies to:
- Account creation, authentication, recovery, and support interactions
- Customer use of InboxAPI to send, receive, store, search, and process email
- Operational, security, diagnostic, and service-improvement activities related to InboxAPI
- Our website and documentation to the extent they collect technical information needed to operate and secure them
This policy does not govern third-party services, recipient mail systems, or AI tools you connect to InboxAPI.
2. Personal Information We Collect and Hold
Depending on how you use the Service, we may collect and hold:
Account and identity information
- Account names, email addresses, verified owner email addresses, and recovery details
- Authentication credentials, encrypted secrets, token identifiers, and account status information
- Billing or commercial relationship information if paid plans are introduced or used
Customer content and communication data
- Email headers and metadata, such as sender, recipient, subject line, timestamps, thread identifiers, and delivery status
- Email bodies, attachments, and message content processed through the Service
- Address book and contact relationship data generated by product usage
Usage, device, and operational data
- API request logs, timestamps, error logs, and rate-limit or abuse-prevention events
- Client, device, browser, IP address, and network information reasonably necessary to operate and secure the Service
- Service configuration, diagnostics, telemetry, and observability data
Support and communications data
- Correspondence with us, including support requests, legal inquiries, bug reports, and feedback
We do not currently use personal information for advertising profiling, and we do not sell personal information.
3. How We Collect Personal Information
We collect personal information:
- Directly from you when you use the Service, contact us, verify an owner email address, or submit account recovery details
- Automatically from your use of the Service, website, API, and client software
- From communications and content processed through the Service at your direction
- From third parties involved in email delivery, abuse prevention, infrastructure, authentication, or legal compliance
When you submit, transmit, or process content through the Service that contains personal information about other people, for example, recipients, senders, or individuals referred to in email bodies, attachments, or contact lists, you direct that processing as the controller or equivalent responsible party for that information. As between you and Dini Labs, you are responsible for (a) having a lawful basis to provide that information to us, (b) giving any notice required to those individuals under Australian Privacy Principle 5, the GDPR, or other applicable law, and (c) responding to any access, correction, deletion, or similar requests those individuals make. To the extent it is reasonable and practicable in the circumstances, this Privacy Policy serves as our notice to those individuals; given the nature of email and AI-driven processing, direct notice will often be impracticable, and the obligation to provide any further notice rests with you.
4. How We Hold Personal Information
We hold personal information in a combination of:
- Cloud-hosted application systems and infrastructure used to operate InboxAPI
- Security, logging, backup, and observability systems used to maintain and protect the Service
- Internal tools used for support, legal, compliance, and incident response
We take reasonable steps to protect personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. However, no method of transmission or storage is completely secure, and email is not an inherently secure medium.
5. How We Use Personal Information
We use personal information to:
- Provide, maintain, authenticate, and secure the Service
- Send, receive, store, search, route, and process email and related metadata at your direction
- Enforce limits, prevent abuse, detect fraud, investigate suspicious activity, and protect users and third parties
- Debug errors, monitor performance, improve reliability, and develop service features
- Respond to support requests, account recovery requests, legal inquiries, and privacy requests
- Comply with legal obligations and enforce our Terms of Service
We do not currently use personal information for targeted advertising.
6. How We Disclose Personal Information
We may disclose personal information to:
- Infrastructure, hosting, security, storage, analytics, and support providers who help us operate the Service
- Email ecosystem participants, such as recipient mail servers, relays, mailbox providers, anti-spam systems, and network operators, as part of normal email transmission
- Your authorised users, connected software, MCP clients, AI agents, and service integrations
- Professional advisers, auditors, insurers, and corporate transaction counterparties where reasonably necessary
- Regulators, law enforcement, courts, or other authorities where required or permitted by law
We do not control how recipient systems, third-party mailbox providers, or AI/LLM tools configured by you handle data once it leaves our systems.
7. Data Roles
InboxAPI can involve different privacy roles depending on the data and context.
Customer content
For email content and related data you choose to process through InboxAPI, you are generally the controller or equivalent responsible party, and Dini Labs generally acts as a processor, service provider, or similar provider acting on your instructions.
Service operations
For account administration, authentication, security, abuse prevention, diagnostics, support, legal compliance, and similar service-operation purposes, Dini Labs may act as an independent controller or equivalent responsible party.
Nothing in this Privacy Policy shifts your obligation to provide notices, establish lawful bases, or respond to end-user requests where those obligations belong to you.
8. International Data Handling
Dini Labs is based in Sydney, Australia. We use cloud infrastructure and tooling that may operate in Australia and overseas, including the United States. Before disclosing personal information to overseas service providers, we take reasonable steps to ensure they handle it consistently with the Australian Privacy Principles, including by selecting providers with established data protection commitments and reviewing their privacy terms before use.
When you use InboxAPI to send email, transmission to the recipient’s mail server occurs at your direction. Dini Labs facilitates that transmission as infrastructure but does not control how recipient mail systems handle the message.
9. Retention
We retain personal information for as long as reasonably necessary for:
- Providing the Service
- Maintaining security, fraud prevention, and abuse controls
- Debugging, backups, disaster recovery, and audit purposes
- Legal, regulatory, accounting, and contractual obligations
Retention periods vary depending on the data type, account status, operational needs, and legal requirements. Deleted information may persist for a limited period in backups, logs, or archival systems before being overwritten or removed.
10. Sensitive Information
InboxAPI is not designed for processing highly sensitive personal information. You should not use the Service for health records, payment card data, government identifiers, or other highly sensitive information unless you have independently assessed that use and implemented appropriate safeguards.
If you choose to process sensitive information through the Service, you do so at your own risk and remain responsible for compliance with applicable law.
11. Access and Correction
Subject to applicable law, you may request access to personal information we hold about you and request correction of inaccurate, out-of-date, incomplete, irrelevant, or misleading personal information.
To make a request, contact us at [email protected]. We may need to verify your identity before responding. In some cases, we may decline a request where the law permits us to do so, including where granting the request would unreasonably impact the privacy of others, compromise security, or conflict with legal obligations.
Where we hold personal information solely on behalf of a customer in a processor or service-provider capacity, we may direct the request to the relevant customer or ask you to contact them directly.
12. Privacy Complaints
If you have a complaint about how we have handled your personal information, please contact us at [email protected] with enough detail for us to investigate.
We will review the complaint and respond within a reasonable period, usually within 30 days.
If you are not satisfied with our response, you may be able to refer the complaint to the Office of the Australian Information Commissioner (OAIC) or another applicable regulator in your jurisdiction.
13. GDPR and Similar Regimes
Where the General Data Protection Regulation or similar laws apply:
- You are generally responsible for identifying the lawful basis for customer content you process through InboxAPI
- We may assist with reasonable processor-related requests where required by law and appropriate to the nature of our role
- You are responsible for your own privacy notices, controller obligations, and data subject request handling unless we are legally required to handle a request directly
If you require a separate data processing addendum or enterprise privacy commitments, contact us at [email protected] and we will provide one.
14. California and Similar US State Privacy Laws
For personal information processed on behalf of customers, Dini Labs generally acts as a service provider or contractor and processes that information for the limited purposes of providing and securing the Service.
We do not currently sell personal information or share personal information for cross-context behavioural advertising.
15. Children
InboxAPI is not directed to children, and we do not knowingly provide the Service for use by children under 16.
16. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised “Last updated” date. Your continued use of the Service after an update takes effect constitutes acceptance of the updated policy to the extent permitted by law.
17. Notifiable Data Breaches Scheme
If we become aware of an eligible data breach under the Notifiable Data Breaches scheme, we will notify the OAIC as soon as practicable and inform affected customers without undue delay so they can meet their own notification obligations.
18. Contact
For privacy or legal inquiries:
Dini Labs Pty Ltd
Sydney, New South Wales, Australia
Email: [email protected]