Inbox · the first hiagent · private build-out

Reply to every customer email.
Even at 2am.

Inbox is an AI agent that reads your Gmail, finds the answer in your docs, and writes the reply in your voice. Grounded in your knowledge base — never invented.

We're shipping in cohorts · No credit card · Reply-to-this-email founder access

Gmail-nativeTokens AES-256-GCM at restPer-workspace spend capOne-click pause
The honest part

You didn't start a company to answer FAQ emails.

And yet half your inbox is the same five questions. Where's my invoice. How do I cancel. Does it integrate with X. The answer is in your docs. The customer is waiting. You're shipping a release.

The queue

200 unread, growing.

Every email you don't answer in an hour costs you a CSAT point. Every one you do answer is twenty minutes you don't get back. The customer-support tool you bought routes the problem; it doesn't solve it.

The hire

A support rep is $60k.

And six weeks to ramp. And quits in eighteen months. For a job that's 80% pasting the same three answers from a Notion page. The cost-to-coverage ratio is brutal.

The night shift

The founder is the helpdesk.

It's 11pm. You're replying to a billing question that your docs cover on page two. Every founder you know is doing the same. Nobody admits it on Twitter.

How it works

Three steps,
no integration overhead.

  1. 01

    Sign in with Google

    One click. We auto-provision a private workspace on your Google account — no DNS, no infra, no admin password to store. Onboarding wizard takes 4 minutes.

  2. 02

    Drop your PDFs

    Drag and drop your docs, FAQs, pricing pages, runbooks. The bot chunks, embeds, and indexes them per workspace — fully isolated from every other tenant. Add a one-line persona and you're done.

  3. 03

    Connect your Gmail

    OAuth handshake. Within 60 seconds the bot starts polling your inbox, classifying every email, and replying in-thread to the ones it can answer from your knowledge base. The rest land in your inbox untouched.

Median first reply: 11 seconds after the email lands.
A real reply, end to end

This is what good auto-reply looks like.

Real inbound, real pipeline trace, real reply. Every email goes through eight gates before a single character is sent — and every decision is in your audit log.

inbox · support@northwind.io · 1 unread
live
inbound · today · 14:23
fromPriya Iyer <priya@northwind.io>
tosupport@northwind.io
subjHow do I update the billing address on my plan?

Hey team — I just moved offices and I'd like to update the billing address on my Northwind subscription before the next invoice goes out next Tuesday. Can you walk me through where to do that? Thanks!

pipeline · 11s total
  1. Loop guard
    no auto-submitted / list headers
  2. Thread guard
    owner has not replied
  3. Classifier
    client_query · gpt-4o-mini
  4. Risk classifier
    safe · no threats / injection
  5. Retrieve
    3 chunks · top sim 0.78
  6. Generate
    deepseek-v4-flash · 142 tokens
  7. Moderate
    clean · no PII / toxicity
  8. Send
    in-thread · Re: invoice #4421
reply · 14:23 · 11s after received

Hi Priya — thanks for the heads-up. You can update the billing address yourself from Settings → Billing → Billing details in the Northwind dashboard. Edits saved before midnight UTC on the day before your invoice date will appear on that invoice; anything later moves to the following one, so you'll be fine for next Tuesday. Let me know if anything looks off in the UI and I'll grab a screenshot.

— Sent by your Inbox agent

classification client_querytop_similarity 0.78chunks_used 3status sentaudit audit_log #4421
What's in the box

A real product. Not a demo.

Persona that sounds like you

Tone, signature, company description — set them once, the bot writes in your voice. Custom classifier prompt available if you want to redefine what a 'customer query' even means.

Knowledge base from PDFs

Drag-drop ingestion. Configurable similarity threshold + top-K so you control how strict 'good enough to answer' is. 25 MB per PDF, 5K chunks per workspace, both configurable.

Activity dashboard

Last 100 emails with classification, retrieval scores, the reply text the bot sent. Filter by Sent / Skipped / Failed. Click any row to expand.

Draft mode (autoSend off)

Flip a switch and every reply lands as a Gmail draft in your account instead of being sent. Train on the first few weeks, then turn auto-send on when you trust it.

Per-model usage rollup

Token counts and USD cost per model over the last 30 days. Costs land in the same row as the message that incurred them. No mysteries on the invoice.

Rate limits that match reality

Per-sender daily reply cap (default 5/sender) so a prankster can't drain you. Per-workspace daily email cap (default 200) and total chunk cap. All operator-tunable.

Questions

The things you'd ask over coffee.

Will the bot ever invent an answer?
No. The reply model is instructed to use only the retrieved chunks. If retrieval finds nothing above your similarity threshold, the bot doesn't reply — the email shows up in your dashboard as no-kb-match for you to handle.
What does it do with sensitive emails?
The risk classifier flags threats, abuse, legal language, fraud patterns, and prompt-injection attempts before retrieval even runs. Those emails are skipped and logged with a reason; they never get an auto-reply.
Can it accidentally send the wrong thing?
Every draft passes an outbound moderation step that blocks toxic language, unauthorised commitments, PII leakage, and any reply that looks like a leaked system prompt. Flagged replies are not sent — they're logged for your review.
How do you handle my customer data?
Each workspace is fully isolated by tenant_id with row-level security as defense-in-depth. OAuth refresh + access tokens are AES-256-GCM encrypted at rest with a key separate from the session HMAC. Email bodies are stored only for the audit log and retention is configurable per plan.
What happens if I want to stop?
One-click pause from the sidebar (bot stops processing the instant you flip it). Soft-delete the workspace from Settings → Danger zone with a 30-day recovery window before hard-delete.
Which model does it use?
The reply model is operator-controlled and currently DeepSeek V4 Flash. The classifier uses GPT-4o-mini. Models can be swapped in code by the deployment owner — tenants don't pick, which keeps cost and quality predictable across the platform.
Join the waitlist

Stop answering the same email.
Start shipping again.

We're shipping in cohorts. Drop your email and we'll let you know the moment your spot opens.

Read every reply · No drip campaign · Founder responds within a day