Terms of Service

1. Acceptance of Terms

These Terms of Service (“Terms”) govern your use of InboxWatch (“the Service”), operated by InboxWatch (“we,” “us,” or “our”). By creating an account, connecting an email provider, or otherwise using the Service, you agree to be bound by these Terms. If you do not agree, do not use the Service.

2. Description of Service

InboxWatch is an email security scanning platform that analyzes your mailbox configuration, metadata, and infrastructure to identify security vulnerabilities. The Service includes:

• Security Scanning: 100+ automated checks across 10 threat categories including forwarding rules, OAuth app permissions, sign-in anomalies, spoofing protection, and account delegation
• Automated Monitoring: Recurring scans up to every 30 minutes to detect new threats
• AI-Powered Analysis: Machine learning analysis of findings to reduce false positives and identify attack patterns
• Breach Monitoring: Continuous dark web credential monitoring using third-party breach databases
• Phishing Simulations: Customizable phishing test campaigns for security awareness training
• Domain Protection: Lookalike domain detection and email exposure mapping
• Attack Chain Correlation: Automated detection of coordinated threat patterns across findings
• Guided Remediation: Step-by-step fix guides and one-click auto-fixes for supported issues

The Service supports Gmail (including Google Workspace) and Microsoft 365 (including Outlook.com, Hotmail, and organizational accounts). InboxWatch accesses only email metadata, mailbox settings, and security configurations — we never read, store, or access the content of your emails or attachments.

3. Account Registration and Authentication

To use the Service, you must authenticate with a valid Google or Microsoft account via OAuth 2.0. You agree that:

• You are the authorized owner or administrator of the email account you connect
• You will maintain the security of your authentication credentials
• You are responsible for all activity that occurs under your account
• You will promptly notify us of any unauthorized use of your account

We assign roles to accounts: User (standard access), Admin (organization-scoped management), and Super Admin (global platform administration). Role assignments are managed by us and cannot be self-assigned.

4. Free Scans and Pricing

New accounts receive 15 free scans (lifetime allowance, not recurring). No credit card is required to start. After free scans are exhausted:

• Pay-as-you-go: Each scan beyond the free allowance is billed at the current per-scan rate via Stripe metered billing
• Volume discounts: Automatic price reductions at higher usage tiers
• Spending limits: You may configure spending limits in your account settings
• Automated scans: Recurring automated monitoring counts toward your usage

Prices are displayed on our Pricing page. We reserve the right to modify pricing with 30 days' notice. You will not be charged retroactively for pricing changes.

5. Permitted Use

You may use the Service to:

• Scan email accounts you own or have explicit authorization to scan
• Conduct legitimate security assessments for personal or business purposes
• Manage security monitoring for client accounts as an authorized MSP or IT service provider
• Run phishing simulations on accounts within your organization with proper authorization
• Access and export your scan results and security reports

6. Prohibited Use

You may not:

• Scan email accounts without the account owner's explicit authorization
• Attempt to circumvent security measures, rate limits, or access controls
• Use the Service for any illegal purpose or to facilitate unauthorized access to third-party systems
• Reverse engineer, decompile, or disassemble any part of the Service
• Resell, sublicense, or redistribute the Service without written permission
• Interfere with or disrupt the Service, its servers, or connected networks
• Use the Service to harvest data for competitive intelligence about our product
• Exceed rate limits: 5 scans per minute, 20 scans per hour, 48 automated scans per day per account

7. MSP and Multi-Tenant Use

Managed Service Providers (MSPs) and IT service providers may use InboxWatch to monitor multiple client email accounts, subject to the following:

• You must have written authorization from each client whose accounts you scan
• You are responsible for ensuring your clients understand the data access involved
• Cross-tenant correlation features aggregate findings across your managed accounts but do not share client data between separate clients
• Each client account's scan results are isolated and accessible only to authorized users within your organization

8. Intellectual Property

All content, features, and functionality of the Service (including detection algorithms, fix guides, UI design, and documentation) are owned by InboxWatch and protected by copyright, trademark, and other intellectual property laws.

Your data: You retain ownership of all data you provide and all scan results generated from your accounts. We claim no ownership rights over your security reports, findings, or exported data.

9. OAuth Access and Revocation

The Service requires OAuth access to your email provider to perform security scans. You may revoke this access at any time:

• Google: Google Account → Security → Third-party apps
• Microsoft: Microsoft Account → Privacy → App access

Revoking OAuth access immediately stops all automated scanning. Existing scan results remain accessible until deleted per our retention policy.

12. Indemnification

You agree to indemnify, defend, and hold harmless InboxWatch from any claims, damages, losses, or expenses (including reasonable attorneys' fees) arising from your use of the Service, your violation of these Terms, or your violation of any rights of a third party, including scanning accounts without proper authorization.

13. Termination

By you: You may terminate your account at any time through your account settings or by contacting us. Upon termination, your scan results are deleted per our data retention policy.

By us: We reserve the right to suspend or terminate your access immediately, without notice, for:

• Violation of these Terms, including scanning unauthorized accounts
• Abusive usage patterns or rate limit circumvention
• Non-payment of applicable fees
• At our sole discretion, with reasonable notice when practicable

14. Service Availability

We strive for high availability but do not guarantee uptime. The Service may be temporarily unavailable for maintenance, updates, or circumstances beyond our control. Automated scans that cannot execute during downtime will resume at the next scheduled interval.

15. Changes to Terms

We may modify these Terms at any time by posting the revised version on this page with an updated “Last updated” date. Material changes will be communicated via email to the address associated with your account. Continued use of the Service after changes take effect constitutes acceptance of the revised Terms.

16. Governing Law

These Terms shall be governed by and construed in accordance with the laws of the State of New York, United States, without regard to conflict of law principles. Any disputes arising from these Terms or the Service shall be resolved in the state or federal courts located in New York, New York.

17. Severability

If any provision of these Terms is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.

18. Contact

Questions about these Terms? Contact us: