Privacy Policy

Who we are

InboxGym is an email warm-up and deliverability monitoring platform operated by InboxGym. We provide tools that help cold email senders improve their inbox placement rates through automated warm-up, DNS monitoring, and DMARC reporting.

If you have any questions about this policy, contact us at .hello@inboxgym.com.

What information we collect

We collect the following information:

• •Name and email address (when you sign up or via Google OAuth)
• •Profile picture (if provided by Google)
• •Connected inbox credentials (IMAP/SMTP host, port, username, and password — stored encrypted)
• •Email metadata from connected inboxes (sent count, delivery status, spam placement)
• •DNS record data (SPF, DKIM, DMARC configurations retrieved during setup and monitoring)
• •DMARC report data (aggregate XML reports parsed for authentication insights)
• •Log data: IP address, browser type, pages visited, timestamps
• •Plan and billing information

How we use your information

We use your information to:

• •Provide and operate the warm-up service (schedule sends, route warm-up traffic)
• •Monitor DNS health and send alerts when records drift or break
• •Parse and display DMARC reports in plain language
• •Send you transactional emails (alerts, DNS change notifications, billing receipts)
• •Improve the product and fix bugs
• •Comply with legal obligations

We do not sell your data to third parties. We do not use your data for advertising.

Inbox credentials and warm-up traffic

When you connect an inbox, you provide us with your IMAP and SMTP credentials. These are stored encrypted at rest (AES-256) and used exclusively to send warm-up email traffic through your inbox on your behalf and to verify connectivity. We do not access, read, or store the content of any email messages sent or received through your connected inboxes. Warm-up interactions are limited to metadata-level exchanges (delivery status, bounce detection) and do not involve inspecting message bodies.

DNS monitoring data

When you add an inbox, we perform an initial DNS lookup of your domain's SPF, DKIM, DMARC, and MX records. We then periodically recheck these records and notify you if any change or break. DNS record data is stored in our database and is accessible only to you. We do not share your DNS configuration with any third party.

DMARC reporting

If you configure DMARC reporting, we receive and parse aggregate DMARC reports sent to the email address you configure. These reports contain authentication results (SPF, DKIM, DMARC pass/fail) from receiving mail servers. We store and display this data in your dashboard. You can delete DMARC report data at any time.

Data storage and security

All data is stored in encrypted databases. Connected inbox credentials are encrypted at rest using AES-256. Data in transit is protected by TLS 1.3. Only you can access your connected inbox data and dashboard. We implement industry-standard security practices to prevent unauthorized access.

Email communications

We send transactional emails to account holders: DNS change alerts, DMARC report summaries, deliverability notifications, and account-related messages. You can control notification preferences from your account settings. We do not send marketing or promotional emails.

Data sharing

We share data only with:

• •DigitalOcean — database and file storage infrastructure
• •Postmark — transactional email delivery
• •Google — OAuth sign-in (if you choose to use it)
• •Upstash / Redis — warm-up scheduling and queue management

We do not share your data with any other third parties except where required by law. We do not sell your personal data.

Data retention

We retain your account data for as long as your account is active. Inbox connection data, DNS records, and DMARC reports are retained until you delete them or your account is closed. You can delete individual inboxes, DNS check history, or your entire account at any time. Deletion is permanent and irreversible. When you close your account, all associated data is permanently deleted within 30 days.

Your rights

Depending on your location, you may have the right to:

• •Access the personal data we hold about you
• •Request correction of inaccurate data
• •Request deletion of your data
• •Object to or restrict processing of your data
• •Data portability

To exercise any of these rights, email us at .hello@inboxgym.com.

Cookies

We use session cookies to keep you logged in. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. No cookie consent banner is required because we only use strictly necessary cookies.

Changes to this policy

We may update this policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For significant changes, we will notify account holders by email.