Use casesHow it worksReportsPricingAbout us
Sign inAdd to Chrome

Privacy Policy

Last updated: April 17, 2026

Overview

InboxCheck is a product of Lanos Technologies Pvt. Ltd. ("we", "us", "our"), registered at Silver Square, Dattatray Road, Santacruz West, Mumbai, India. We operate the InboxCheck Chrome extension and the inboxcheck.io website (collectively, the "Service"). This privacy policy explains how we collect, use, store, and protect your data when you use the Service.

Chrome Extension Permissions & Data Access

The InboxCheck Chrome extension requests the following permissions. Each permission is used solely for the purpose described below and nothing else:

  • Read and change all your data on all websites (<all_urls>) - Used solely to detect email addresses displayed on webpages you visit. The extension scans visible text content for email patterns. No page content, URLs, or browsing history is transmitted to our servers.
  • Active Tab - Used to read the URL of your current tab so the "Pause on this site" feature can identify the website, and to relay verification results from right-click context menu actions back to the active page.
  • Storage - Used to store your preferences (e.g., disabled sites, inline detection settings), authentication session tokens, and cached verification results locally in your browser.
  • Context Menus - Used to add a right-click "Verify with InboxCheck" option when you select text containing an email address.
  • Identity - Used to facilitate Google sign-in via chrome.identity.launchWebAuthFlow, which opens a secure Google OAuth consent screen and returns authentication tokens.
  • Alarms - Used to run two periodic background tasks: (1) a keepalive alarm that prevents the extension's background service worker from being terminated by Chrome, and (2) a cache sweep alarm that automatically clears expired verification results from your local storage every hour.

Data We Collect

Email Addresses Submitted for Verification

When you verify an email address (by clicking "Verify" on a detected email or manually entering one), the email is sent to our verification infrastructure over a TLS-encrypted connection. After verification, the email is hashed using SHA-256 before being stored in our database. We do NOT store raw email addresses in our database after processing. The email is used only for the purpose of delivering the verification result to you.

Account Information

When you create an account, we store your email address and encrypted password (or OAuth identity). This is used to authenticate you and manage your subscription.

Usage Data

We track the number of verifications you perform, timestamps, and verification results (Safe/Risky/Unsafe) for rate limiting, abuse prevention, and usage analytics. This data is associated with your account and is not shared externally.

Payment Information

If you purchase a paid plan or burst credits, payment processing is handled entirely by our payment providers (PayPal and Razorpay). We do not collect, store, or have access to your credit card numbers, bank account details, or other financial information. We receive only a transaction confirmation (order ID, amount, and status) from these providers to activate your subscription.

Browser Extension Data (Local Only)

The following data is stored entirely in your browser's local storage and is never sent to our servers:

  • Your extension preferences (e.g., disabled sites, inline detection toggle, modifier key preference)
  • Cached verification results (up to 24 hours) to avoid redundant API calls
  • Recent verification history (last 20 emails verified, for your convenience)
  • Authentication tokens for your active session
  • Pending OTP sign-in state (if you use email code login)

Data We Do NOT Collect

  • Browsing history or URLs you visit
  • Page content (other than email addresses you explicitly choose to verify)
  • Cookies or tracking data from visited sites
  • Personal data from LinkedIn, social media, or third-party profiles
  • Keystrokes, form inputs, or mouse movement data
  • Screenshots, page captures, or DOM content
  • IP addresses for tracking or profiling purposes

How We Use Your Data

  • To provide the Service - Delivering email verification results, managing your account, and enforcing usage limits.
  • To improve the Service - Analyzing aggregate, anonymized usage patterns to improve verification accuracy and performance.
  • To communicate with you - Sending account-related notifications such as subscription confirmations or policy changes. We do not send marketing emails unless you explicitly opt in.
  • To prevent abuse - Monitoring for automated access, rate limit circumvention, or other violations of our Terms of Service.

Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share data only in the following limited circumstances:

  • Service providers - With the third-party services listed below, solely to operate the Service. Each provider is contractually bound to process data only as instructed and to maintain appropriate security measures.
  • Email deliverability services - Email addresses you submit for verification may be transmitted to trusted third-party deliverability services solely to complete the verification request. These services receive only the email address being verified, process it in real time, and do not retain it.
  • Legal compliance - When required by law, regulation, subpoena, or legal process.
  • Safety - To investigate fraud, abuse, or security incidents.
  • Business transfers - In connection with a merger, acquisition, or sale of assets, with prior notice to affected users.

Third-Party Services

We use the following third-party services to operate InboxCheck:

  • Supabase - Authentication and database (Privacy Policy)
  • Cloudflare - Hosting, CDN, and edge compute infrastructure (Privacy Policy)
  • PayPal - Payment processing for international users (Privacy Policy)
  • Razorpay - Payment processing for Indian users (Privacy Policy)
  • Upstash - Redis caching for rate limiting and hashed verification results (Privacy Policy)

Chrome Web Store User Data Policy Compliance

InboxCheck's use and transfer to any other app of information received from Google APIs adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically:

  • We only use permissions to provide and improve the email verification functionality described in our Chrome Web Store listing.
  • We do not transfer user data to third parties except as necessary to provide the Service, comply with applicable laws, or as part of a merger or acquisition with prior notice.
  • We do not use or transfer user data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • We do not allow humans to read user data, except with the user's affirmative consent for a specific request (e.g., technical support), for security purposes (e.g., investigating abuse), to comply with applicable laws, or when the data is aggregated and anonymized for internal operations.
  • All other uses of data obtained through Chrome APIs are also limited to the purposes described in this policy.

Data Retention

  • Local cache (browser): Up to 24 hours, stored entirely on your device and automatically purged
  • Server-side verification logs: 90 days (SHA-256 hashed email, result, timestamp only)
  • Account data: Retained until you delete your account
  • Payment records: Retained as required by applicable tax and financial regulations

Data Security

We implement industry-standard security measures including:

  • SHA-256 hashing of all email addresses before database storage
  • TLS 1.2+ encryption for all data in transit
  • Row-Level Security (RLS) on all Supabase database tables
  • Encrypted authentication tokens with automatic expiration and secure refresh
  • Edge computing via Cloudflare Workers to minimize data transit and latency
  • Regular security reviews of our codebase and infrastructure

While we take reasonable precautions to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access - Request a copy of the personal data we hold about you.
  • Deletion - Delete your account and all associated data by contacting us or through your account settings.
  • Correction - Request correction of inaccurate personal data.
  • Data portability - Request an export of your verification history in a machine-readable format.
  • Opt out - Uninstall the extension at any time to stop all data collection. Clear your local cache via the extension's Settings screen.
  • Withdraw consent - Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, contact us at privacy@inboxcheck.io. We will respond within 30 days.

International Data Transfers

Your data may be processed in data centers outside your country of residence, including in the United States and the European Union (via Cloudflare and Supabase infrastructure). We ensure all transfers comply with applicable data protection laws through appropriate safeguards, including Standard Contractual Clauses where required. For detailed information, see our Data Processing Agreement.

Cookies & Tracking

The inboxcheck.io website uses essential cookies only for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics services. The Chrome extension does not set or read any cookies.

Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with personal data, please contact us immediately and we will promptly delete such data.

Changes to This Policy

We may update this policy from time to time. If we make material changes, we will notify you via email or through a notice on the Service at least 30 days before the changes take effect. The "Last updated" date above reflects the most recent revision. Continued use of the Service after changes constitutes acceptance of the updated policy.

Contact

Lanos Technologies Pvt. Ltd.
Silver Square, Dattatray Road, Santacruz West, Mumbai, India

For privacy inquiries, data requests, or complaints, email us at privacy@inboxcheck.io.