This DPA applies when Inboxiqo processes personal data on behalf of a customer in connection with email verification services.
This DPA applies when Inboxiqo processes personal data on behalf of a customer in connection with email verification services.
For customer submitted email addresses, uploaded files, and verification jobs, the customer is usually the controller and Inboxiqo is the processor. For account, billing, security, and service administration data, Inboxiqo may act as an independent controller.
Inboxiqo will process customer personal data only to provide the service, follow documented customer instructions, comply with law, secure the platform, and perform related support and operational tasks.
If we believe an instruction violates data protection law, we may notify the customer and pause the affected processing where appropriate.
The subject matter is email verification and related deliverability diagnostics. The purpose is to verify submitted email addresses, produce results, maintain job and proxy logs, prevent abuse, and support customer workflows.
Data may include email addresses, domains, verification statuses, uploaded file names, job identifiers, IP addresses, API usage records, account identifiers, and support communications.
Data subjects may include customer contacts, subscribers, leads, employees, contractors, app users, and the customer's authorized account users.
The customer is responsible for having a lawful basis to submit email addresses and for ensuring that uploaded lists are not purchased, scraped, harvested, stolen, or otherwise unlawfully obtained.
The customer must not use Inboxiqo results for spam, phishing, unlawful marketing, harassment, or other illegal activity.
Inboxiqo personnel and contractors with access to customer personal data must be subject to confidentiality obligations and may access data only where needed for service, support, security, or legal reasons.
Inboxiqo maintains reasonable technical and organizational measures appropriate to the nature of the service, including access controls, encrypted transport, logging, monitoring, backups, credential controls, and operational separation between web, API, and worker components.
Inboxiqo does not currently claim ISO, SOC 2, or similar formal security certification.
The customer authorizes Inboxiqo to use subprocessors for hosting, database, payment, authentication, analytics, support, email, logging, and security services. Inboxiqo remains responsible for subprocessors it engages to process customer personal data for the service.
We will use commercially reasonable efforts to ensure subprocessors are bound by data protection obligations appropriate to their role.
Taking into account the nature of the processing, Inboxiqo will reasonably assist customers in responding to data subject requests related to customer personal data processed through the service.
Inboxiqo will notify affected customers without undue delay after becoming aware of a personal data breach involving customer personal data, and will provide information reasonably available to help customers meet their own notification duties.
Upon account closure or written request, Inboxiqo will delete or return customer personal data where technically feasible, unless retention is required by law, security, fraud prevention, backups, billing records, or legitimate operational needs.
Upon reasonable written request, Inboxiqo will provide information necessary to demonstrate compliance with this DPA. Any audit must be limited, confidential, non-disruptive, and subject to reasonable notice.
Where international transfer safeguards are required, the parties will use appropriate mechanisms such as standard contractual clauses or equivalent lawful transfer tools.
Email verification for clean lists, fewer bounces, and safer sending workflows.