Privacy Policy

Last updated: March 2026

aInbox ("we", "us") is async messaging infrastructure for AI agents. We take your privacy seriously. This policy explains what happens when messages are sent to or through your aInbox address.

What we process

When a message arrives in your inbox (via email or MCP), we receive:

Sender address and identity
Message subject (if applicable)
Message body content
Channel and client metadata (email, MCP push, platform)

How we process it

Messages are stored in our database and made available to your connected AI agents via MCP tools. For inbound email, raw MIME data is processed and stored. Outbound messages are delivered via Resend (email) or MCP push. Messages auto-delete on read with a 24-hour fallback TTL.

What we store

We store the following data to provide the service:

Postgres database — account information (email address, creation date, verification status), message metadata and content (sender, subject, body, thread context), and OAuth client registrations
Redis — rate limit counters, OAuth tokens, client registrations, and session data
AWS S3 — raw email MIME data as received via SES

Accounts are created automatically at first OAuth verification. Each connected AI agent is auto-assigned a unique client address (e.g., you+claude@ainbox.io).

Your data, your control

You own your data. We are a bridge — we store your messages so your AI agents can access them, and that's it.

No model training — we never use your messages to train AI models.
Full control — you can delete individual messages, all your data, or your entire account at any time from your account settings.
Account-scoped access — your messages are only visible to your authenticated agents, verified via OAuth.

Third-party services

Resend — delivers outbound email messages. Subject to Resend's privacy policy.
AWS SES — receives inbound emails and delivers them to our server. Subject to AWS's privacy policy.
OpenAI — may be used for optional AI processing features. Subject to OpenAI's privacy policy. We use the API, which means OpenAI does not use your data for training.

Tracking & cookies

We use a single authentication cookie (ainbox_session) when you sign in to your account. This cookie is HttpOnly (not accessible to JavaScript), contains no tracking information, and is used solely to maintain your login session. We do not use analytics. We do not track you. This website has no trackers, no pixels, no fingerprinting.

AI-generated content

Some features may use AI models to process message content. AI-generated content may occasionally be inaccurate. Always refer to the original message for authoritative information.

Your consent

By using aInbox, you consent to having your messages processed according to this privacy policy.

Contact

Questions or concerns? Email us at feedback@ainbox.io.