Security & privacy

"I don't want you reading my emails" — we hear this all the time. Here's exactly how InboxBill handles your data and why you stay in control.

Encryption at rest: AES-256-GCM (OAuth tokens)

Transit: TLS 1.2+

DB isolation: Row-Level Security

Email storage: None

We process your emails — we don't store them

When InboxBill scans your inbox, it reads each matching email once, extracts the structured invoice fields (supplier, amount, date, invoice number), and then discards the raw content. Your emails are never persisted in our database.

What is stored per invoice: supplier name, sender address, total amount, invoice number, due date, and any PDF line items — the same fields you'd type into a spreadsheet by hand. Nothing more.

OAuth tokens are encrypted at rest

Connecting Gmail or an accounting tool gives InboxBill an OAuth token — a credential that proves your consent without sharing your password. These tokens are the most sensitive data we hold.

Every token is encrypted with AES-256-GCM under a key that is held outside the database and never written to it. Even if a database backup were leaked, the tokens would be unreadable without that separate key. Because GCM authenticates the ciphertext as well as encrypting it, a value that has been tampered with or swapped between rows is rejected on decryption instead of silently decrypting to garbage.

Encrypted at rest with that key:

  • Gmail / Outlook access tokens
  • Gmail / Outlook refresh tokens
  • Xero OAuth tokens
  • QuickBooks OAuth tokens
  • FreeAgent OAuth tokens
  • Extracted email text snippets

Data in transit is always encrypted

All communication between your browser, our servers, and third-party APIs (Gmail, Xero, Stripe) uses TLS 1.2+. There is no unencrypted HTTP path into the application.

Row-Level Security — your data is only yours

Every database table is protected by Supabase Row-Level Security policies. The ownership check runs inside Postgres on every query, so an application-code bug that forgets the per-user filter still cannot return one user's invoices to another. Your data is isolated from every other account at the database level.

Minimal scopes, revocable at any time

InboxBill requests only the permissions it needs. Gmail access is granted with a read-only scope: we cannot send, delete, or modify emails. Accounting integrations use the narrowest scope required to create bills.

Disconnecting an integration from Settings → Integrations deletes the stored token from our database immediately, after which InboxBill has no way to reach that account. Most providers also list the grant under connected apps in your own account settings, where you can remove it from their side as well.

No AI training on your data

Your invoice data is sent to Claude (by Anthropic) solely to extract structured fields. It is not used to train AI models: Anthropic's API data usage policy states that API inputs and outputs are not used to improve their models without your explicit consent.

What InboxBill can and cannot do with your Gmail

Can do

  • Search for emails matching invoice keywords
  • Read matching emails to extract invoice data
  • Download PDF attachments from matching emails

Cannot do

  • Send emails on your behalf
  • Delete or modify emails
  • Read emails outside the invoice keyword search
  • Store your full email content
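The minimal-scope point above is something the application has to verify, not just request: Google returns the scopes the user actually granted in the space-separated `scope` field of the token response, users can deselect scopes on the consent screen, and a misconfigured client could ask for more than intended. The following is an added example (not InboxBill's code) of that check at the OAuth callback. `gmail.readonly` and `gmail.modify` are real Google scope names; that InboxBill uses exactly this allow-list is an assumption, and the token responses are constructed samples.

```javascript
// Added example, not InboxBill's code: enforcing a read-only Gmail scope
// policy on the scopes a user actually granted, in both directions
// (missing -> cannot scan; excess -> refuse to keep a too-powerful token).

// gmail.readonly is a real Google scope. That this is InboxBill's exact
// allow-list is an assumption for the example.
const REQUIRED_GMAIL_SCOPES = new Set([
  "https://www.googleapis.com/auth/gmail.readonly",
]);
// Identity scopes that may accompany the Gmail grant without being a problem.
const OPTIONAL_IDENTITY_SCOPES = new Set(["openid", "email", "profile"]);

// Compares the granted scopes (space-separated "scope" field of Google's
// token response) against the policy.
function checkGrantedScopes(tokenResponse) {
  const granted = new Set(
    (tokenResponse.scope || "").split(/\s+/).filter(Boolean)
  );
  const missing = [...REQUIRED_GMAIL_SCOPES].filter((s) => !granted.has(s));
  const excess = [...granted].filter(
    (s) => !REQUIRED_GMAIL_SCOPES.has(s) && !OPTIONAL_IDENTITY_SCOPES.has(s)
  );
  return { ok: missing.length === 0 && excess.length === 0, missing, excess };
}

// Decides whether the token may be stored. An over-broad grant is refused
// rather than kept: holding a credential stronger than the product needs is
// exactly what the minimal-scope promise rules out.
function acceptToken(tokenResponse) {
  const result = checkGrantedScopes(tokenResponse);
  if (result.missing.length > 0) {
    return { store: false, reason: `user did not grant: ${result.missing.join(" ")}` };
  }
  if (result.excess.length > 0) {
    return { store: false, reason: `broader than needed, revoke and re-consent: ${result.excess.join(" ")}` };
  }
  return { store: true, reason: "granted scopes match the read-only policy" };
}

// Constructed sample token responses in the shape of Google's token endpoint
// reply (values are fake).
const grantedAsRequested = {
  access_token: "ya29.example",
  refresh_token: "1//0gexample",
  expires_in: 3599,
  token_type: "Bearer",
  scope: "https://www.googleapis.com/auth/gmail.readonly openid email",
};
// User unticked the Gmail permission on the consent screen.
const gmailDeselected = { ...grantedAsRequested, scope: "openid email" };
// Client misconfigured to request a modify scope as well.
const tooBroad = {
  ...grantedAsRequested,
  scope:
    "https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.modify",
};
```

The first response is stored; the second is refused with a message naming the missing scope so the user can be asked to re-consent; the third is refused because the grant includes `gmail.modify`, which would let the app change mailbox state. For a provider other than Google, the same check applies to whatever field its token endpoint uses to report the granted scopes.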

Coming soon

Security is an ongoing commitment. Here's what we're building next.

Passwordless login

In progress

Sign in with a magic link or passkey: no password to phish or to leak. Passkeys in particular are phishing-resistant, because the browser only uses a passkey for the site it was created on.

Two-factor authentication (2FA)

Planned

Optional TOTP / authenticator app support for an extra layer on your account.

Full audit log

Planned

A tamper-evident log of every scan, approval, and settings change on your account.

EU data residency

Planned

Choose to keep your data exclusively in EU Supabase regions, which simplifies GDPR data-transfer obligations.

SOC 2 Type II

On roadmap

Third-party audit of our security controls — the industry standard for B2B SaaS.

Questions about how your data is handled? Get in touch