Privacy Policy

Global data protection standards.

Last Updated: 2026-03-09

Quanta Flow Inc. ("GridInbox", "we", "us", or "our") is a Wyoming corporation committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, share, and protect information — including Google user data — when you use the GridInbox service. By using GridInbox, you agree to the practices described in this policy.

1. Information We Collect

We collect the following categories of data to provide and improve our service:

1.1 Account & Profile Information

  • Name, email address, and password (or OAuth token) used to register your account.
  • Billing information (processed and stored by Stripe; we do not store full card numbers).
  • Organization name, domain settings, and team member information you provide.

1.2 Google User Data (via Google OAuth)

When you connect a Google account to GridInbox, we access the following Google user data through the Google API with your explicit consent:

  • Gmail messages and metadata — email subject, sender, recipient, date, body content, and attachments, solely to display and manage your inbox within the GridInbox interface.
  • Gmail labels and folders — to replicate your organizational structure inside GridInbox.
  • Google account basic profile (name, email address, profile picture) — to identify your account and display your profile within GridInbox.

We access only the minimum scopes necessary to provide the core service features you have requested.

1.3 Email Content

  • Inbound emails received via our custom domain routing (SMTP/SES/Cloudflare Email Routing).
  • Email metadata: sender, recipient, subject, timestamps, headers.
  • Attachments stored in encrypted object storage (AWS S3/R2).

1.4 Usage and Technical Data

  • IP address, browser type, operating system, and device information.
  • Feature usage logs, API call logs, and error reports (no email body content is included in logs).
  • Session tokens and authentication data.

2. How We Use Your Information

We use the data we collect strictly for the following purposes:

2.1 Providing the Service

  • To display, organize, and manage your emails (including Gmail messages accessed via the Google API) within the GridInbox interface.
  • To route inbound email to the correct mailbox and parse OTP codes or structured data as configured by you.
  • To authenticate your account and maintain session security.
  • To process payments and manage subscriptions.

2.2 Service Improvement & Communications

  • To diagnose technical problems and improve platform reliability using anonymized aggregated metrics.
  • To send transactional emails (account alerts, billing receipts, security notifications).
  • To send product updates and newsletters only if you have opted in.

2.3 Use of Google User Data — Strict Limitations

Our use of Google user data obtained via Google APIs is limited to the following and strictly complies with the Google API Services User Data Policy, including the Limited Use requirements:

  • Allowed: Displaying Gmail messages and metadata to you within GridInbox for inbox management.
  • Allowed: Storing Gmail data temporarily on our servers to provide a responsive user experience and enable features like search and filtering.
  • Not allowed and never performed: Using Google user data for advertising, selling data to third parties, profiling users for purposes unrelated to the service, or training AI/ML models.
  • Not allowed and never performed: Sharing Google user data with any third party for any purpose other than providing or improving the GridInbox service, or as required by law.

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal data or Google user data to third parties. We share data only in the following limited circumstances:

  • Service Providers (Sub-processors): We engage third-party companies that process data on our behalf solely to operate the GridInbox service. Each sub-processor is bound by strict data processing agreements. See Section 5 for the full list.
  • Legal Requirements: We may disclose your information if required by applicable law, court order, or governmental authority. We will notify you of such requests where legally permitted.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described herein.
  • With Your Consent: We will share data in any other circumstances only with your explicit, informed consent.

Google User Data Specifically: Google user data obtained via Google APIs is never shared with third parties for advertising, marketing, or any purpose beyond operating and improving the features you explicitly use within GridInbox.

4. Data Storage and Security

We implement industry-standard technical and organizational measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
  • Encryption at Rest: Email content, attachments, and sensitive user data are encrypted at rest using AES-256 in AWS S3/R2 storage.
  • Access Controls: Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis, protected by multi-factor authentication.
  • Infrastructure Security: Our backend runs on Cloudflare Workers and AWS, both of which maintain SOC 2 and ISO 27001 certifications. We leverage Cloudflare's DDoS protection and WAF.
  • Google API Token Security: OAuth tokens used to access Google data are stored encrypted and are never logged or exposed in plaintext. Tokens are scoped to the minimum permissions required.
  • Data Location: Primary data is stored in AWS US-East-1 (Northern Virginia). We do not store data in jurisdictions without adequate legal safeguards.

Despite our efforts, no security system is impenetrable. In the event of a data breach, we will notify affected users in accordance with applicable laws.

5. Data Retention and Deletion

5.1 Retention Periods

  • Account data: Retained for the duration of your active subscription, plus 30 days after cancellation to allow account recovery.
  • Email content and attachments: Retained according to your configured retention policy (default: 365 days). You can shorten this period in your account settings.
  • Google user data (Gmail messages cached/synced): Retained only as long as your Google account remains connected to GridInbox. Upon disconnection, all cached Google data is purged within 30 days.
  • Audit logs: Retained for 90 days for security and compliance purposes.
  • Billing records: Retained for 7 years as required by US tax law.

5.2 Account and Data Deletion

You may request deletion of your account and all associated data at any time through one of the following methods:

  • In-app: Navigate to Settings → Account → Delete Account to initiate immediate deletion.
  • By email: Send a deletion request to privacy@gridinbox.com with the subject line "Data Deletion Request". We will complete deletion within 30 days and confirm by email.

Upon account deletion: all personal data, email content, mailbox configurations, and any Google user data cached in our systems will be permanently deleted from active databases within 30 days, and from backups within 90 days.

You may also revoke GridInbox's access to your Google account at any time via Google Account Permissions. Revoking access will disconnect your Google account and trigger deletion of all associated Google user data from our systems.

6. International Data Transfers

GridInbox is headquartered in Sheridan, Wyoming, United States. Information we collect will be processed in the United States.

  • For EU/EEA Users: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers to the US.
  • For China Users: We process data based on the necessity of providing services (PIPL Article 38). Data is stored securely in US AWS data centers.

7. Data Sub-Processors

We engage the following trusted sub-processors. Each is bound by data processing agreements consistent with applicable privacy regulations:

  • AWS (US-East-1): Primary data storage (S3/R2), email processing (SES), and database hosting (RDS).
  • Cloudflare (Global): CDN, DDoS protection, serverless compute (Workers), and email routing.
  • Stripe (US): Payment processing. PCI-DSS Level 1 compliant. Card data is never transmitted to our servers.
  • Google LLC: Google OAuth for account authentication and Gmail API access (only with your explicit authorization).

8. Your Data Rights

Depending on your jurisdiction, you have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Deletion ("Right to be Forgotten"): Request deletion of your personal data (see Section 5.2 for the process).
  • Portability: Request an export of your data in a machine-readable format (JSON/CSV).
  • Restriction and Objection: Request restriction of processing or object to certain uses of your data.
  • Withdraw Consent: Revoke any previously granted consent (including Google OAuth access) at any time without affecting lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@gridinbox.com. We will respond within 30 days (or as required by applicable law).

9. Cookies and Tracking Technologies

We use cookies and similar technologies strictly for essential service functionality (session management, authentication). We do not use third-party advertising cookies. For full details, see our Cookie Policy.

10. Children's Privacy

GridInbox is not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us personal data, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you via email and/or a prominent notice on our website at least 30 days before the changes take effect. The "Last Updated" date at the top of this page will always reflect the most recent revision.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection team:

  • Email: privacy@gridinbox.com
  • Mailing Address: Quanta Flow Inc., 30 N Gould St Ste R, Sheridan, WY 82801, USA