Back to Home

Data Protection Compliance

Last updated: June 2025

Data Protection Compliance

Effective Date: January 1, 2025

1. Overview

SwiftInbox AI is committed to protecting your personal data and maintaining compliance with applicable data protection laws worldwide. This document outlines our comprehensive approach to data protection, including GDPR, CCPA, and other relevant regulations.

We implement privacy-by-design principles and maintain the highest standards of data security to protect your information.

2. Regulatory Compliance Framework

2.1 Additional Compliance Standards

  • PIPEDA: Personal Information Protection and Electronic Documents Act (Canada)
  • LGPD: Lei Geral de Proteção de Dados (Brazil)
  • PDPA: Personal Data Protection Act (Singapore)
  • Privacy Act: Australian Privacy Principles
  • COPPA: Children's Online Privacy Protection Act

3. GDPR Compliance Details

3.1 Legal Basis for Processing

We process personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our Service
  • Legitimate Interest: Service improvement and security measures
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

3.2 Data Subject Rights

Under GDPR, you have the following rights:

  • Right of Access: Request copies of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a portable format
  • Right to Object: Object to processing based on legitimate interests
  • Rights Related to Automated Decision-Making: Opt out of automated processing

3.3 Data Protection Officer

Our Data Protection Officer oversees GDPR compliance and serves as your primary contact for data protection matters:

Data Protection Officer
Email: [email protected]
Response Time: Within 72 hours

3.4 International Data Transfers

When transferring data outside the EU, we use appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions for transfers to approved countries
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

4. CCPA Compliance Details

4.1 California Consumer Rights

Under CCPA, California residents have the right to:

  • Know: What personal information we collect and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Non-Discrimination: Equal service regardless of privacy choices

4.2 Categories of Personal Information

We collect the following categories of personal information:

  • Identifiers: Email addresses, account IDs
  • Commercial Information: Subscription and billing data
  • Internet Activity: Service usage patterns and preferences
  • Professional Information: Job title and company information

4.3 CCPA Request Process

To exercise your CCPA rights, contact us at: [email protected] or use our online form. We will verify your identity and respond within 45 days.

5. Technical and Organizational Measures

5.1 Data Security Measures

  • Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Data Minimization: Collect only necessary data for service provision
  • Regular Audits: Quarterly security assessments and penetration testing

5.2 Organizational Measures

  • Staff Training: Regular data protection training for all employees
  • Privacy Policies: Comprehensive internal privacy procedures
  • Incident Response: Documented breach response procedures
  • Vendor Management: Due diligence on all data processors
  • Data Retention: Automated deletion based on retention schedules

5.3 Privacy by Design

We implement privacy by design principles in all our systems:

  • Privacy as the default setting
  • Full functionality with privacy protection
  • End-to-end security throughout the data lifecycle
  • Transparency and accountability in all processes

6. Data Processing Activities

6.1 Processing Purposes

We process personal data for the following purposes:

  • Service Provision: Email analysis and organization
  • Account Management: User authentication and billing
  • Customer Support: Responding to inquiries and issues
  • Service Improvement: Analytics and feature development
  • Security: Fraud prevention and system protection
  • Legal Compliance: Meeting regulatory requirements

6.2 Data Retention Periods

  • Account Data: Retained while account is active + 90 days
  • Email Content: Processed in real-time, not permanently stored
  • Usage Analytics: 24 months from collection
  • Support Communications: 3 years from last contact
  • Billing Records: 7 years for tax and legal compliance

6.3 Third-Party Data Sharing

We share personal data only with trusted service providers under strict contractual obligations:

  • Cloud Infrastructure: Google Cloud Platform (data processing agreement in place)
  • Payment Processing: Stripe (PCI DSS compliant)
  • Customer Support: Zendesk (GDPR compliant)
  • Analytics: Anonymized data only, no personal identifiers

7. Data Breach Response

7.1 Incident Response Plan

Our data breach response plan includes:

  • Detection: 24/7 monitoring and automated alerts
  • Assessment: Risk evaluation within 2 hours
  • Containment: Immediate steps to limit breach impact
  • Investigation: Forensic analysis to determine cause and scope
  • Notification: Regulatory and user notifications as required
  • Recovery: System restoration and security improvements

7.2 Notification Timelines

  • Regulatory Authorities: Within 72 hours (GDPR requirement)
  • Affected Users: Without undue delay if high risk to rights and freedoms
  • Business Partners: As contractually required

8. Children's Privacy

Our Service is not intended for children under 16 years of age (or 13 in jurisdictions where COPPA applies). We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will delete it immediately.

Parents or guardians who believe their child has provided personal information should contact us immediately at: [email protected]

9. Cross-Border Data Transfers

9.1 Transfer Mechanisms

For international data transfers, we use appropriate safeguards:

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses: EU-approved contract terms
  • Binding Corporate Rules: Internal data transfer policies
  • Certification Programs: Industry-recognized privacy certifications

9.2 Data Localization

Where required by local law, we maintain data within specific geographic boundaries and provide local data residency options for enterprise customers.

10. Exercising Your Rights

10.1 How to Submit Requests

You can exercise your data protection rights through:

  • Online Portal: Privacy settings in your account dashboard
  • Email: [email protected]
  • Mail: Privacy Team, SwiftInbox Technologies Pvt Ltd., Church Road, Chikmagalur, 577101

10.2 Identity Verification

To protect your privacy, we verify your identity before processing requests. This may involve:

  • Account authentication through your registered email
  • Security questions or two-factor authentication
  • Government-issued ID for sensitive requests

10.3 Response Timeframes

  • GDPR Requests: Within 30 days (extendable to 60 days for complex requests)
  • CCPA Requests: Within 45 days (extendable to 90 days)
  • Other Jurisdictions: According to local law requirements

11. Complaints and Supervisory Authorities

11.1 Filing Complaints

If you're not satisfied with how we handle your data protection concerns, you have the right to file a complaint with:

  • EU Users: Your local Data Protection Authority
  • UK Users: Information Commissioner's Office (ICO)
  • California Users: California Attorney General's Office
  • Other Jurisdictions: Relevant privacy regulatory authority

11.2 Lead Supervisory Authority

For EU operations, our lead supervisory authority is the Irish Data Protection Commission, as our EU operations are based in Ireland.

12. Regular Compliance Reviews

12.1 Internal Audits

We conduct regular internal audits to ensure ongoing compliance:

  • Quarterly: Data processing activity reviews
  • Semi-annually: Privacy policy and procedure updates
  • Annually: Comprehensive compliance assessment

12.2 External Assessments

We engage independent third parties for:

  • Annual SOC 2 Type II audits
  • ISO 27001 certification maintenance
  • Privacy impact assessments for new features
  • Penetration testing and security assessments

13. Updates to This Policy

We review and update this Data Protection Compliance document regularly to reflect:

  • Changes in applicable data protection laws
  • Updates to our data processing activities
  • Improvements in our security measures
  • Feedback from regulatory authorities

Material changes will be communicated through email notifications and prominent website notices.

14. Contact Information

For data protection questions, requests, or concerns:

Privacy: [email protected]
Support: [email protected]
Data Protection Officer: [email protected]
Address: SwiftInbox Technologies Pvt Ltd., Church Road, Chikmagalur, 577101