Skip to main content

This privacy policy describes how SaneBox, Inc. (“we”, “us”, and “our”) collects, stores, uses, and protects personal data. By using the SaneBox hosted email inbox organization and management application (the “Service”), you agree to our processing of personal data that you submit to the Service.

We may update this privacy policy from time to time by posting a new version on this web page. You should visit this page occasionally to ensure you agree with any changes. When we make an update, will post our revised privacy policy on this web page and update the “last modified” date below to reflect the date of the most recent change. By continuing to use our Service after we post any such changes, you agree that you accept the new privacy policy.

We last modified this privacy policy on February 1, 2021.

Our Commitment To Privacy

Your privacy is very important to us. To help ensure you’re in control of your personal data, we provide this privacy policy to explain how we process personal data and the rights you have to limit our use of your personal data. We’re proud to showcase our efforts to protect your privacy and provide you with a great service.

The Data We Collect

This privacy policy applies to all personal data processed in the Service, which typically includes email headers along with any personal data contained in those email headers. As a result, it is not possible to list all types of personal data that may be processed. However, we typically process:

  • biographical data (such as first name and last name);
  • contact data (such as email address);
  • for third party integrations (e.g., Google Mail) we may have to store authorization credentials and related data for other sites;
  • comments you make in our forums or elsewhere on our website, which could include any category of personal data; and
  • any other type of data we may ask you or that you may choose to provide us with.


When you use the SaneBox service as an agent (e.g., an employee) of an organization, your organization is the data controller, and SaneBox is a data processor for the personal data we process for you in our Service.

And when you use the SaneBox service as an individual, SaneBox is the data controller. Legal jargon aside, our goal is to ensure that you, as a SaneBox user, are in control of how your data is processed in our Service.

Basis of Processing

Where SaneBox acts as a data controller, we rely on one or more of the following legal grounds for processing your personal data:

  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • any other ground, as required or permitted by law in the specific respective context.

When SaneBox acts as a data processor, we process your personal data based on the documented instructions of our customer.

The Way We Use Personal Data

We may use personal data for the following purposes:

  • to enable your use of the features we provide through our Service;
  • to communicate with you and to authenticate with third-party products integrated with our Service;
  • to charge you applicable fees for using our Service; and
  • to diagnose technical problems with our Service.

We may also use non-identifying and aggregated data to help improve our Service and our website.

Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Data Retention

We will delete all the personal data that you’ve previously submitted to the Service, as soon as you cancel your Service.

All email resides on the customer’s email server and is never held on SaneBox servers. SaneBox simply monitors the customers SaneBox related email folders and asks the email server to move emails accordingly.

We log and keep information on active accounts about email movement and behavior in order to debug any current issues customers may report. But, we securely remove those email activity logs older than 30 days

We securely remove customer data (that can be regenerated) from inactive accounts after 90 days. This includes any cached information about emails that did reside in the customers email server folders that SaneBox monitors.

We "cancel" accounts that have no billing relationship and have been inactive for 6 months. The customers are warned about once a month that this cancelation is pending and given directions for how to activate their accounts to avoid it.

Permissions needed for SaneBox to work

We are required to obtain certain permissions  in order for SaneBox to function. If we could ask for less, we certainly would.


A cookie is a small piece of data that a website or app stores on your computer or mobile device. We use the following types of cookies:

User‑input cookies (i.e., session ID) which are first‑party cookies that keep track of your input when filling online forms, and similar things. These cookies have a lifespan of not more than a few hours, typically.

Authentication cookies, which identify you once you’ve logged in to our web application, and which last for the duration of your session.

Multimedia content player cookies, which are used to store technical data to help play back video or audio content. These cookies usually last for the duration of your session.

Third‑party social plug‑in content‑sharing cookies (if you’re a logged‑in member of a social network).

We may also use retargeting or remarketing technologies to show you our ads on sites that you visit across the Internet. SaneBox and third-party vendors, including Google, use cookies to inform, optimize, and serve ads based on your recent visits to our website.

Sharing Personal Data with Service Providers

We share personal data with our service providers, that process personal data on behalf of SaneBox. Such third parties include those providing:

  • Internet hosting and infrastructure services;
  • payment processing services;
  • services for monitoring the performance of our web services;
  • IT support desk services; and
  • customer support.

Our service providers may be located outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such personal data. SaneBox may be liable for the protection of your personal data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Other Disclosures of Your Personal Data

We may disclose your personal data (i) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders, (ii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change, or (iii) to our subsidiaries or affiliates only if necessary for business and operational purposes.

We reserve the right to use and share aggregated, anonymous data, which does not include any personal data, about our Service’s users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers and customers.

If we must disclose your personal data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your personal data will maintain the privacy or security of your personal data.

Our Commitment to Data Security

To prevent unauthorized access, to maintain the accuracy of your personal data, and to ensure that you’re in control of your personal data, we have put in place appropriate physical, technical, and administrative controls to safeguard and secure the personal data we process.

All payments and payment data submitted on our site is handled through Stripe, Paypal or Amazon payments. No such payment data is retained within our computer systems.

Our Commitment to Children's Privacy

Protecting the privacy of the young is especially important. For that reason, we never collect or otherwise process personal data about anyone we actually know is under 13, and no part of our website is structured to attract anyone under 13.

Erasing, Accessing, Changing, or Updating Your Personal Data

If we process your personal data, your SaneBox profile settings enable you to:

  • update and correct your personal data;
  • delete all your personal data that we process on your behalf (by cancelling your account); and
  • restrict the processing of your personal data by pausing your account.

Additionally, if we process your personal data, you may have the right to ask that we limit our processing of your personal data, and you may have the right to object to our processing of your personal data. You may also have the right to have your personal data exported from the SaneBox Service in a commonly-used, machine-readable format. To exercise such rights, where applicable, please contact us using the information in the How to Contact Us section of this privacy policy.

If you reside in California, you may have legal rights with respect to your personal data, including those set forth under the California Consumer Privacy Act (CCPA). Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the specific pieces of personal information we collect, including how we use and disclose this information( we only use your information to filter your email), to delete their personal information (this happens automatically when you cancel your SaneBox account), to opt out of any “sales” that may be occurring (we do not sell your personal data in any manner, even in the broad definition of the CCPA) and to not be discriminated against for exercising these rights. California consumers may make a request pursuant to their rights under the CCPA by contacting us at [email protected].

Who Owns Your Data?

You own the data associated with your account. We only access the envelope and header data associated with your emails. The actual body of your emails (i.e., the contents of the email message) are never downloaded or accessed by our systems.

When you cancel your SaneBox membership, we not only securely delete all data on our servers associated with your mail account but we also delete any labels or flags we might have created - so not only will we no longer have any of your data on our servers, but also your email inbox will look exactly like it did before you signed up with us.

If for any reason, SaneBox, Inc. decides to discontinue the SaneBox Service, all users will be contacted by email and their account data will be securely deleted from our servers in a timely manner.

And remember that we will only backup metadata - never the actual email envelopes. So once securely deleted, it’s practically impossible for us, or anyone else, to recover them.

How to Contact Us

If you have a complaint, dispute, or questions regarding this privacy policy or our processing of your personal data, please leaving us a note at  or email us at [email protected]

European Union Representative

VeraSafe has been appointed as SaneBox's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the European Economic Area, VeraSafe can be contacted in addition to SaneBox, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: or via telephone at: +420 228 881 031.

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o
Klimentská 46
Prague 1, 11002
Czech Republic

VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P

Regulatory Oversight

If you are an individual in the European Union whose personal data we process, and we’re unable to resolve a privacy-related complaint you lodge with SaneBox, you may also have the right to lodge that complaint with a data protection regulator in your EU Member State, and, under certain conditions, to invoke binding arbitration.

SaneBox complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the European Economic Area to the United States. You can learn more about Privacy Shield at We ask that you first submit any complaints about our Privacy Shield compliance directly to us via [email protected].

In compliance with the Privacy Shield Principles, SaneBox commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact SaneBox via email at [email protected].

SaneBox has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. EU DPAs are the sole independent recourse mechanism for Privacy Shield.

SaneBox is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).