Legal
Last updated: May 2026
InboxXray is a security analysis tool for email. You provide headers, links, .eml files, and when enabled attachment metadata or hashes; we provide a clear risk assessment. Use the service responsibly, pay for your tier, and do not abuse our infrastructure. Because email security is probabilistic, we provide an assessment, not a 100% guarantee. By using the tool, you agree to these rules.
By installing the InboxXray browser extension or accessing our web dashboard ("the Service"), you agree to be bound by these Terms. If you do not agree, you must uninstall the extension and cease use of the Service. You must be at least 16 years old to create an account.
InboxXray provides a security analysis suite that:
Informational Tool Only: InboxXray is an automated assistant. It is designed to supplement your own judgment and professional security practices, not replace them.
Provider: We use Stack Auth for secure managed authentication.
Responsibility: You are responsible for all activity under your account. You must notify us immediately of any unauthorized access.
OAuth: If you use Google OAuth, your account is subject to these Terms and our Privacy Policy regarding Google User Data.
Free Tier: Includes 3 starter analyses, followed by 2 free analyses every 7 days.
Pro Subscription: Billed at $7/month or $70/year via Stripe.
Automatic Renewal: Subscriptions renew automatically unless canceled via the Billing Portal.
Taxes: Taxes are applied where applicable based on your location.
To maintain the integrity of the Service, you agree not to:
Ownership: You retain all ownership of the data you submit.
Limited License: By using the Service, you grant InboxXray a limited, worldwide license to process your submitted email data, including headers, body snippets, links, uploaded .eml content, attachment names, and attachment hashes, solely to provide the requested analysis.
Third-Party Processing: This license includes the right to transmit data to our vetted sub-processors as described in our Privacy Policy: Anthropic for AI analysis, Google Web Risk and urlscan.io for URL reputation, and CIRCL Hashlookup, MalwareBazaar, and ThreatFox for attachment hash reputation. URLs submitted to urlscan.io may be stored on their platform with unlisted visibility; attachment reputation providers receive hashes and limited metadata, not attachment file contents.
AI Training: We explicitly state that your data is processed via commercial API tiers that prohibit the use of your data for training AI models.
"As-Is" Service: InboxXray is provided without warranties of any kind. Security is a moving target; we do not guarantee detection of every phishing attempt, malicious link, suspicious attachment, or malware indicator.
No Liability for False Negatives: InboxXray shall not be liable for any damages (financial, data loss, or otherwise) resulting from a "False Negative" (a malicious email, link, or attachment marked as safe) or a "False Positive."
AI Hallucinations: AI-generated summaries are probabilistic. We are not responsible for inaccuracies in the AI's interpretation of email intent.
Maximum Liability: To the extent permitted by law, our total liability is limited to the amount you paid for the Service in the 12 months preceding the claim, or $70, whichever is higher.
By You: You can cancel your subscription or delete your account at any time. Deleting your account permanently purges your 14-day history.
By Us: We reserve the right to suspend accounts that show patterns of API abuse or violation of the Acceptable Use Policy.
These Terms are governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the courts of England and Wales.