iGamingInbox is a competitive email intelligence platform. We collect promotional emails sent by gambling operators to honeypot accounts that we (or our partners) control. This page describes what we collect, how we redact personal information, where we store it, and your rights.
Last updated: May 2026 · Status: Draft. Awaiting UK SaaS / privacy lawyer review before paid launch.
iGamingInbox is operated by an individual founder based in London, United Kingdom. A legal entity will be incorporated before the first paying customer is onboarded.
Contact: hello@igaminginbox.com
We capture:
We do not store:
If you sign up for the beta, request a demo, or apply for a pilot:
We do not currently use cookies or web analytics on the beta product. If we add analytics in the future, we will use a privacy-respecting provider (e.g. Plausible or Fathom) that does not track individual users.
All email content passes through a redaction function at the moment of ingestion, before any data is written to our database. The unredacted version exists only in transit (Gmail IMAP → our serverless function) and is discarded after parsing.
The redaction covers:
We preserve all the competitive intel value — bonus amounts, wagering requirements, game names, operator names, campaign copy, CTA destinations (minus tracking) — without the personal data.
Email data, operator records, and customer accounts are stored in a managed PostgreSQL database hosted by Supabase in their London (eu-west-2) region. This ensures all data remains in the UK / EEA.
Our serverless functions and static pages are hosted on Vercel. Vercel's edge network includes UK PoPs; data at rest remains in our Supabase instance.
Honeypot IMAP credentials are stored as encrypted environment variables on Vercel, accessible only to the scraper function. They are never written to the database, never exposed to the frontend, and never logged.
Redacted promotional emails are retained indefinitely for the purpose of building a historical competitive intelligence archive. This is the core utility of the product — historical depth matters for trend analysis.
Customer account data is retained for the duration of your subscription plus 12 months (to allow re-activation). On verified deletion request, your account data is deleted within 30 days.
Operator-side data (emails captured from honeypots) is not associated with any individual customer and is not subject to individual-deletion requests from operators.
As a UK / EEA resident, you have the right to:
To exercise any of these rights, email hello@igaminginbox.com. We respond within 30 days.
We will update this page when our practices change. The version number and date at the top of this page reflect the most recent revision. Material changes will be communicated to active customers via email.
This Privacy Policy is a working draft pending review by a UK SaaS / privacy lawyer before our first paying customer is onboarded. The principles outlined here (redact-on-ingest, no PII stored, EU-resident data, GDPR rights respected) are foundational and will not change in subsequent revisions — but legal phrasing may be tightened.
If you have any concerns about our data handling, please contact us directly. We are open to scrutiny on this — the whole product is built around the principle that competitive intel should never come at the cost of personal data leakage.