Legal

Privacy Policy

How Envoy handles connected mailboxes, AI processing, security, retention, and user rights.

Effective date: July 3, 2026

Last updated: July 3, 2026

01

Who we are

JAIPTEAM Inc. ("Envoy," "we," "us," or "our") operates Envoy for Executives, an AI-assisted email automation service for business users. Envoy reads and classifies email from connected mailboxes, drafts replies in your voice, routes transactional mail, and delivers a consolidated briefing digest.

Legal entityJAIPTEAM Inc.
ProductEnvoy for Executives
Privacy contactprivacy@jaipteam.com

Envoy is primarily offered as a business-to-business (B2B) service. If you use Envoy on behalf of an organization, your organization may have its own policies governing workplace email and tools; this policy describes how Envoy handles data when you connect an account.

02

Scope of this policy

This Privacy Policy explains what personal information and email content we collect, how we use and share it, how long we keep it, and what choices you have. It applies when you:

create an Envoy account or use our web application;

connect a Gmail (or other supported) mailbox via OAuth;

receive briefing digests or interact with action links in those digests;

contact us for support; or

use the local edition of Envoy (self-hosted on your own infrastructure), where data processing described here applies to data Envoy processes on your behalf, but hosting location and some sub-processors may differ (see Section 12).

This policy does not cover third-party websites, email providers, or integrations you choose to connect outside of Envoy's control (for example, Google's own privacy practices for Gmail).

03

What Envoy does (summary)

To provide the service, Envoy may:

Read unread and sent messages (and related metadata) from mailboxes you connect;

Classify messages (for example: action required, FYI, transactional, junk);

Draft reply suggestions in Gmail drafts. Envoy does not send email on your behalf without your explicit action;

Forward certain transactional messages (for example invoices) to accounting addresses you configure;

Store configuration, classifications, voice-learning data, and audit records needed to operate and improve the service for your account;

Send you HTML briefing digests and signed action links;

Learn from edits you make to drafts to refine future drafting style (voice profiles).

During onboarding and calibration, Envoy may scan a bounded window of your sent mail to infer communication patterns and persona assignments. Optional integrations (for example Linear notifications, outbound webhooks) process only data needed for those features.

04

Information we collect

4.1 Account and identity information

When you register (via our authentication provider or local-edition setup), we may collect:

name and email address;

authentication identifiers (for example Clerk user ID when Clerk auth is enabled);

organization or role information you provide;

billing-related identifiers if you subscribe to a paid plan (payment card data is processed by our payment processor, not stored by Envoy);

preferences (briefing schedule, global instructions, plan tier).

4.2 Connected mailbox data

When you authorize Envoy to access your email account, we access data permitted by the OAuth scopes you approve. For Gmail, these currently include:

ScopePurpose
gmail.modifyRead messages, mark messages read, manage labels as needed for triage
gmail.composeCreate draft replies in your mailbox
gmail.sendSend messages only when you explicitly trigger send actions through Gmail (Envoy's default pipeline creates drafts; it does not auto-send replies)
drive.fileAccess files created or opened by Envoy (for example generated PDFs for forwarding)
calendar.readonlyRead calendar data where calendar-aware features are enabled

Email content and metadata we process may include:

message bodies (plain text and HTML), subjects, and snippets;

sender and recipient names and email addresses;

dates, thread identifiers, and labels;

attachment metadata and, where configured, attachment contents for forwarding or PDF generation;

headers (including List-Unsubscribe where used for junk handling.

Envoy processes mail only for accounts you connect and only to deliver the features you enable.

4.3 Data you configure in Envoy

whitelist / sender rules, blocklists, persona assignments, and standing instructions;

connected account registry (addresses, labels, routing context);

snooze, correction, and training inputs (including bracketed keyword commands sent to your briefing address);

voice-learning records (differences between Envoy drafts and messages you actually send);

persona profiles and confidence scores derived from scans or archive analysis.

4.4 Automatically collected technical data

OAuth tokens and refresh tokens (encrypted at rest);

API and action-server audit logs (who took an action, what changed, timestamps);

pipeline run metadata (accounts processed, counts, errors);

device/browser and network information typical of web services (IP address, user agent) for security and operations;

cookies or similar technologies used by our authentication and session layer.

Where enabled, server and pipeline logs apply PII redaction by default (see Section 8).

4.5 Support and communications

If you contact us, we collect the information you provide (email content, screenshots, logs you choose to share).

05

How we use information

We use the information above to:

PurposeExamples
Provide the serviceClassify mail, create drafts, forward transactional messages, send briefings, execute digest action links
Authenticate and secure accountsSign-in, session management, fraud prevention, audit trails
Personalize draftingApply persona profiles, standing instructions, and voice-learning corrections
Operate and improve EnvoyDebugging, performance monitoring, feature development (using aggregated or de-identified data where feasible)
Comply with lawRespond to lawful requests, enforce terms, protect rights and safety
BillingProcess subscriptions and usage when paid plans are offered

We do not sell your personal information. We do not use your mailbox content to train generalized third-party AI models for unrelated products. Email content is sent to our AI sub-processor only to provide classification, drafting, screening, briefing summaries, and related features for your account (see Section 6).

06

AI processing and Anthropic

Envoy uses Anthropic's Claude API to classify messages, screen commercial mail, generate draft replies, synthesize voice-learning updates, and produce briefing summaries.

What is sent to Anthropic: User-role prompts may include email subject lines, message bodies, sender/recipient context, persona instructions, and your configured standing rules. Structured identifiers such as Social Security numbers, payment card numbers, and phone numbers are masked in user messages before the API call (replaced with placeholders such as [ssn], [card], [phone]). Email addresses are generally retained in prompts because they are needed for accurate classification and reply context.

What Anthropic does with it: Processing is governed by Anthropic's terms and privacy policy. We configure API usage for production inference; we do not authorize Anthropic to use your content to train their public models unless their product terms explicitly state otherwise for your account tier.

Your responsibility: Mailbox content may include personal information about your contacts, employees, clients, and other third parties. By connecting a mailbox, you represent that you have authority to allow Envoy and its sub-processors to process that content for the purposes described in this policy.

08

Security

We implement technical and organizational measures appropriate to the sensitivity of mailbox data, including:

Encryption of OAuth tokens at rest in our database using application-level encryption (TOKEN_ENC_KEY);

Tenant isolation: application data is scoped by user account identifier; queries and mutations are designed to prevent cross-tenant access;

PII redaction in logs: when enabled (default), pipeline and server logs scrub sensitive patterns and collapse full message-body dumps;

Signed, time-limited action links for digest buttons;

Append-only audit logging for sensitive actions;

Least-privilege access to production systems for personnel who need it to operate the service.

No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us at privacy@jaipteam.com and revoke Envoy's access in your Google Account security settings.

We do not currently hold formal third-party security certifications (for example SOC 2 or ISO 27001). If that changes, we will update this policy and our Trust Center.

09

Sub-processors

We use trusted service providers who process data on our behalf. This list reflects the intended production stack; the local edition may omit some providers.

Sub-processorRoleData processedLocation (typical)
Anthropic, PBCAI inference (Claude API)Email content and prompts for classification/drafting (PII-masked as described in Section 6)United States
Google LLCGmail, Google Drive, Google Calendar APIs; OAuthMailbox content, metadata, tokensGlobal (Google infrastructure)
Clerk, Inc.Authentication, user management (when enabled)Name, email, auth identifiers, session dataUnited States
Stripe, Inc.Payment processing (when paid plans launch)Billing name, email, payment method tokens. Envoy does not store full card numbersUnited States / global
Cloudflare, Inc.DNS, tunnel, edge securityIP addresses, request metadata for traffic to our applicationGlobal
Railway Corp. (planned)Application hosting, managed Postgres/RedisAll application data at rest and in transit through hosted servicesUnited States (expected)

We may update this list as infrastructure changes (for example migration to Railway in Phase 5). Material additions will be reflected here and in the in-product Trust Center when available.

Command Center integration: Envoy may send optional outbound webhook payloads to a separate product ("Command Center") over HTTPS. That integration is HTTP-only; the systems do not share a database. Webhook delivery requires explicit configuration and shared secrets on both sides. If enabled, effort-update summaries derived from your email processing may be transmitted to your Command Center instance.

10

Retention

We retain information only as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.

Data categoryRetention
Account profile and preferences

For the life of your account, plus TBD after deletion

OAuth tokens

Until you disconnect the mailbox or delete your account (then revoked and deleted)

Classifications, whitelist, persona config, voice profiles

For the life of your account, plus TBD after deletion

Draft logs and voice-learning corrections

TBD. Configurable cadence for profile regeneration; deleted with account

Action audit logs

TBD. Security and compliance minimum

Server and pipeline logs

TBD. Rolling retention

Billing records

As required by tax and accounting law TBD

When you delete your account or disconnect a mailbox, we delete or de-identify associated data within a reasonable period, subject to backup cycles and legal holds. Specific retention schedules will be published in the Envoy Trust Center as they are finalized.

You may request an export of your data (JSON bundle) through account settings when that feature is available, or by contacting privacy@jaipteam.com.

11

Your rights and choices

Depending on your jurisdiction, you may have the right to:

Access personal information we hold about you;

Correct inaccurate account information;

Delete your account and associated data;

Export a copy of your data in a portable format;

Withdraw consent by disconnecting mailboxes or stopping use of the service;

Object or restrict certain processing where applicable law provides that right;

Lodge a complaint with a privacy regulator (in Canada, the Office of the Privacy Commissioner of Canada; in the EU/UK, your local supervisory authority if GDPR/UK GDPR applies to your use).

To exercise these rights, use in-app controls (Connections, Settings, Trust Center) when available, or email privacy@jaipteam.com. We may verify your identity before fulfilling a request. We will respond within the timeframe required by applicable law.

Disconnect a mailbox: You can remove an account in Envoy and revoke access at Google Account Permissions. Revocation stops new processing; deletion timing is described in Section 10.

Marketing: If we send product updates or marketing email, you may opt out via the unsubscribe link. Transactional and service-related messages (for example security alerts, billing) may still be sent.

12

Account deletion

You may delete your Envoy account through the Trust Center / Settings (when available) or by contacting privacy@jaipteam.com.

1.revoke Google OAuth tokens for connected mailboxes;
2.remove OAuth credentials, account registry entries, whitelist and persona configuration, voice profiles, and other tenant-scoped data from our primary database;
3.stop scheduled pipeline runs for your account.

Backups and audit logs may persist for a limited period per Section 10 before being purged or anonymized. Deletion does not remove copies of emails that remain in your Gmail mailbox or messages already forwarded to third parties (for example accounting inboxes).

Local edition: Self-hosted deployments store data on infrastructure you control. Account deletion behaviors in the local edition may be limited to a single principal user; you are responsible for destroying local database volumes and token files if you decommission a local install.

13

International transfers

Envoy is based in Canada. Sub-processors (including Anthropic, Google, Clerk, Stripe, Cloudflare, and planned hosting providers) may process data in the United States and other countries. Where required, we rely on appropriate safeguards (for example contractual clauses and vendor security commitments) for cross-border transfers.

If you require data residency in a specific region, contact us before connecting production mailboxes; the standard SaaS offering does not currently guarantee regional data residency.

14

Children's privacy

Envoy is not directed at children under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@jaipteam.com and we will take steps to delete it.

15

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at /envoy/privacy and update the "Last updated" date. For significant changes, we may notify you by email or in-app notice. Continued use of Envoy after the effective date constitutes acceptance of the revised policy, to the extent permitted by law.

16

Contact us

Questions about this policy or our privacy practices:

For data protection inquiries from EU/UK representatives or enterprise customers requiring a Data Processing Agreement (DPA), contact privacy@jaipteam.com with the subject line "DPA request."