What is StoreInboxed?

StoreInboxed is a conversational commerce platform that helps businesses sell products and services directly through messaging channels like WhatsApp and SMS. It combines a unified inbox, product catalog, cart and checkout, Stripe payment links, and customer CRM in one platform.

How does the unified inbox work?

The unified inbox aggregates all your customer conversations from WhatsApp, SMS, and other messaging channels into one place. You can respond to customers, share products, create orders, and send payment links without switching between apps.

What messaging channels are supported?

Currently, StoreInboxed supports WhatsApp Business API and SMS (via Twilio or Telnyx). Instagram and Facebook Messenger integrations are coming soon.

Can I use my own domain?

Yes! With Pro and Enterprise plans, you can configure a custom domain for your storefront and checkout pages. You can also white-label the entire experience with your brand colors and logo.

How do payments work?

StoreInboxed integrates with Stripe to generate secure payment links. You can create a checkout link in one click and send it directly to customers via chat. They complete the purchase on a hosted checkout page.

Data Policy

Last Updated: December 11, 2024

1. Overview

At Mango Tech LLC, we understand the importance of data protection for businesses using StoreInboxed. This Data Policy outlines how we handle the data you entrust to us ("Customer Data") and our commitments to data security, isolation, and compliance.

2. Roles and Responsibilities

Data Controller: You (the User/Business) act as the Data Controller for the personal data of your customers that you upload or process using StoreInboxed. You maintain ownership and control over this data.
Data Processor: Mango Tech LLC acts as the Data Processor, processing Customer Data only on your behalf and in accordance with your instructions (via your use of the Service) and this policy.

3. Data Isolation and Multitenancy

StoreInboxed is a multitenant application. We employ strict logical isolation techniques to ensure your data remains separate from other tenants.

Tenant ID: Every record in our database is tagged with a unique Tenant ID associated with your business.
Access Controls: Our application logic rigorously enforces Tenant ID checks to prevent cross-tenant data access.
Row Level Security (RLS): We utilize Row Level Security policies at the database level (Supabase/PostgreSQL) as an additional layer of protection to ensure query isolation.

4. Data Processing and Subprocessors

To provide the Service, we engage trusted third-party subprocessors. We have Data Processing Agreements (DPAs) in place with these providers to ensure they meet our security standards.

Supabase: For secure database hosting and real-time data synchronization.
AWS (Amazon Web Services): For reliable email delivery infrastructure (SES).
Twilio: For processing SMS and WhatsApp messages.
Stripe: For secure payment data processing.

5. Data Retention and Deletion

We retain Customer Data for as long as your account is active or as needed to provide you the Service.

Account Deletion: Upon your request to delete your account, we will delete your Customer Data from our active databases within 30 days, subject to any legal obligations requiring retention.
Backups: Encrypted backups may retain data for a limited period (typically up to 30 days) for disaster recovery purposes before being overwritten.

6. Data Breach Notification

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, our Compliance Officer, Ms. Amatya, will notify you without undue delay after becoming aware of the breach, in accordance with applicable laws (including GDPR and US state laws).

7. International Data Transfers

Our infrastructure is primarily hosted in the United States. If you are located outside the US, by using the Service, you consent to the transfer and processing of your data in the United States. We rely on standard contractual clauses or suitable adequacy decisions where applicable for cross-border transfers.

8. Contact Compliance Officer

For specific inquiries regarding data processing agreements, data portability, or security audits, please contact:

Ms. Amatya
Compliance and Data Officer
Mango Tech LLC
Email: [email protected]