Trust & privacy
Connecting your inbox is an act of trust.
We built everything around that.
These are architectural decisions, not policy afterthoughts. Plain language, no fine print.
How sign-in actually works
Google & Microsoft
You sign in with the provider directly and approve each account individually. We never see or store your password, and we never request access to anyone else's mailbox in your organization.
Workplace accounts
Some workplace Microsoft accounts require an administrator's approval for third-party apps. If that applies, the product guides you through the request. Your personal accounts are unaffected.
IMAP mailboxes
Custom-domain and other IMAP mailboxes connect with an app password: stored encrypted, used read-only (we never alter your mailbox), and revocable by you at any time.
Honest answers to the hard questions
Do you read my email?
The system processes message content to compute importance scores, under the commitments above: encrypted, never used to train AI models, never shared, and purged if you disconnect. Humans do not browse your mail.
Do you sell or share my data?
No. Your content is used to rank your priorities for you. That is the entire use.
Are you SOC 2 certified?
Not yet, and we will not pretend otherwise. The architecture is designed toward that posture, and formal audits are planned after launch. Detailed security documentation is available to beta partners during onboarding.
What happens to my data if I leave?
Disconnecting an account purges its data. Leaving entirely removes your data.
What about this website?
No cookies, no trackers, no analytics that identify you. The same posture as the product.
Questions we did not answer here?
Security reviews and detailed documentation are part of beta onboarding, and we welcome hard questions.
Ask us directly