GDPR & Data Protection

InboxMarket is a B2B marketplace that connects advertisers with independent newsletter publishers. InboxMarket does not access, store, or process subscriber email addresses or personal data. All email communications are sent directly by publishers using their own systems. Publishers are solely responsible for ensuring their lists comply with applicable data protection laws, including GDPR.

1. What InboxMarket Does Not Do

InboxMarket does not access, store, process, or control subscriber email addresses or personal data contained within any newsletter mailing lists.

We do not send emails to subscribers on behalf of publishers.
We do not upload or host any subscriber lists.
We do not place tracking pixels inside publisher emails. Publishers may do so using their own systems, but InboxMarket has no access to or control over this.

We are a facilitator of partnerships, not a data processor of subscriber information.

2. What Data InboxMarket Does Process

To operate our B2B marketplace, we process the following types of data related to our registered users (advertisers and publishers):

Account Data: Name, email address, and company information provided upon registration.
Marketplace Activity: Information related to listings, messaging between parties, and sponsorship bookings.
Aggregated Metrics: We display aggregated and non-identifiable metrics voluntarily provided by publishers, such as total subscriber count and average open rates. No subscriber-level data is ever collected or stored by InboxMarket.

3. Lawful Basis for Processing (GDPR Article 6)

Our lawful bases for processing the personal data of our platform users (advertisers and publishers) are:

Contractual Necessity: To fulfill our terms of service and operate the marketplace, allowing users to find, book, and manage sponsorships.
Legitimate Interest: To improve our platform, prevent fraud, and ensure the security of our B2B marketplace.

We do not claim consent or legitimate interest over publishers' subscriber data, as we never process it.

4. Publisher Responsibility & Declaration

Publishers listed on InboxMarket are solely responsible for ensuring their email lists comply with applicable data protection laws, including GDPR, and that subscribers have provided valid consent to receive marketing communications.

By listing a newsletter on InboxMarket, publishers must declare and warrant that they have:

Obtained explicit, GDPR-compliant opt-in from all subscribers.
A lawful basis to send sponsored content to their audience.
Complied with all other relevant regulations such as CAN-SPAM (US) and PECR (UK).

Publishers retain full control and responsibility for their data and compliance.

5. Buyer (Advertiser) Responsibility

Buyers on the InboxMarket platform understand and agree that they are purchasing sponsorship slots, not data. Buyers do not receive subscriber data, do not contact subscribers directly, and are only responsible for providing promotional content to the publisher for inclusion in the newsletter.

6. International Data Transfers

InboxMarket operates globally. User account data is hosted on secure servers located in the United States. For users in the European Economic Area (EEA), we rely on Standard Contractual Clauses and other appropriate safeguards to ensure that the transfer of user data is compliant with GDPR.

7. Your Rights as a User

As a user of the InboxMarket platform, you have rights over your personal data. These rights apply to your account data, not to the subscribers of newsletters.

Right to Access: You can request a copy of the personal data we hold about you.
Right to Rectification: You can request to correct any inaccurate data we hold about you.
Right to Erasure ('Right to be Forgotten'): You can request the deletion of your account data.

To exercise any of these rights, please contact us at privacy@inboxmarket.co.