Privacy & Security Policy

Account information: Your name, email address, and password (hashed) when you create an Envelo account.

Email account credentials: The IMAP/SMTP server details and passwords for any email accounts you connect. These are encrypted before storage (see Section 3).

Contacts: If you import or create contacts within Envelo, we store names, email addresses, phone numbers, and organisation details in your account.

Subscription & billing: If you subscribe to Pro, Stripe processes your payment. We store your Stripe customer ID and subscription status. We never see or store your card number.

What we do NOT collect: We do not store your emails, email attachments, or email metadata on our servers. Envelo fetches messages on-demand directly from your mail provider via IMAP and does not cache or persist them.

Traditional mode (Free): Envelo connects directly to your email provider's IMAP/SMTP servers over TLS. Your emails travel between your mail server and the Envelo app. We act as a client, not a relay — your messages are never routed through or stored on our infrastructure.

Modern mode (Pro): When you use AI features, the content of relevant emails (subject, sender, body text) is sent to Anthropic's Claude API to process your request. This only happens when you actively type a command in the conversational interface — never automatically, never in the background. Anthropic's API does not use your data to train their models.

What gets sent to AI: Email metadata (subject, sender, date), email body text (plain text, up to 4,000 characters per message), and your conversation history within the current session. Passwords, authentication tokens, and raw attachments are never sent to the AI.

Server-side: Email account passwords are encrypted using AES-256-GCM with a unique initialisation vector and authentication tag for each credential. Encryption keys are stored separately from the database. Passwords are only decrypted in memory when actively connecting to your mail server.

Google OAuth: If you connect Google services (currently used for contacts import), authentication is handled via Google's OAuth 2.0 flow. We receive a refresh token to maintain access — we never see or handle your Google password.

In transit: All connections use TLS 1.2 or higher. IMAP connections use port 993 (IMAPS) and SMTP uses port 465 (SMTPS). All API calls between the app and our servers, and between our servers and third-party services, are encrypted with HTTPS.

Envelo uses the following third-party services:

• Anthropic (Claude API) — Processes AI requests in modern mode. Subject to Anthropic's privacy policy. They do not train on API data.
• Stripe — Handles payment processing for Pro subscriptions. Subject to Stripe's privacy policy. We never handle your card details directly.
• Supabase — Hosts our database and authentication. Data is stored in a secured PostgreSQL instance with row-level security policies ensuring users can only access their own data.
• Google APIs — Used for contacts import via OAuth. Subject to Google's privacy policy.

We do not use any advertising networks, analytics trackers, or data brokers.

While your account is active: We retain your account profile, encrypted email credentials, and contacts for as long as you use Envelo.

When you delete your account: All of your data is permanently deleted via cascading deletion — your profile, all connected email account credentials, contacts, preferences, and any activity logs. This is irreversible.

Email content: Since we don't store your emails, there's nothing to delete. AI conversation history is not persisted between sessions.

If you'd like your data deleted, you can remove your account from within the app or email support@envelo.app and we'll process it manually.

If we make meaningful changes to this policy, we'll notify you via email or an in-app notice before the changes take effect. Minor clarifications or formatting changes won't trigger a notification, but the "last updated" date at the top will always reflect the most recent revision.