Last updated: April 2026

Privacy Policy

Inflovy is a persistent inbound email identity platform for developers and teams. This policy explains what data we collect, how we use it, and how we protect it.

What data we collect

We collect only what is necessary to operate the service:

  • Account data — your email address and optional display name when you register.
  • Inbound message content — subject line, sender address, and message body of emails received by your addresses. This is the core function of the product.
  • Support submissions — the subject, category, and description you provide when contacting support, along with your account email if authenticated.
  • Address and project metadata — the names, slugs, and labels you create to organise your addresses and projects.

We do not collect payment card details directly. Billing is handled by third-party processors when checkout is enabled.

How we use your data

Your data is used exclusively to provide the Inflovy service:

  • Authenticating your account and managing workspace access
  • Routing and storing inbound emails to your addresses
  • Enforcing plan-based usage limits and retention schedules
  • Responding to support requests

We do not sell, share, or use your data for advertising. We do not run analytics on your inbound message content.

Message retention

Inbound messages are retained according to the retention policy of your workspace plan:

  • Free — 3 days
  • Starter Lite — 7 days
  • Starter — 30 days
  • Team — 90 days

Messages nearing expiry are marked before deletion. Retention blocks (add-ons) extend these limits per your plan configuration. After expiry, messages are permanently deleted and cannot be recovered.

Data deletion and account closure

You may request deletion of your account and all associated data at any time by contacting support. Upon account closure we will delete your account credentials, workspace data, address configurations, and any remaining messages within 30 days.

Data security

Passwords are hashed using bcrypt (12 rounds) and never stored in plain text. Authentication uses short-lived JWTs transmitted over HTTPS. We apply standard HTTP security headers via Helmet and rate-limit all API endpoints to reduce abuse.

Third-party services

Inflovy runs on standard cloud infrastructure. Infrastructure providers may process data as part of hosting and network delivery. We do not integrate third-party analytics, advertising, or tracking SDKs into the product.

Changes to this policy

If we make material changes to this policy we will update the date at the top of this page. Continued use of Inflovy after changes are posted constitutes acceptance.

Terms of UseContact SupportHome