How Envoy handles connected mailboxes, AI processing, security, retention, and user rights.
JAIPTEAM Inc. ("Envoy," "we," "us," or "our") operates Envoy for Executives, an AI-assisted email automation service for business users. Envoy reads and classifies email from connected mailboxes, drafts replies in your voice, routes transactional mail, and delivers a consolidated briefing digest.
Envoy is primarily offered as a business-to-business (B2B) service. If you use Envoy on behalf of an organization, your organization may have its own policies governing workplace email and tools; this policy describes how Envoy handles data when you connect an account.
This Privacy Policy explains what personal information and email content we collect, how we use and share it, how long we keep it, and what choices you have. It applies when you:
create an Envoy account or use our web application;
connect a Gmail (or other supported) mailbox via OAuth;
receive briefing digests or interact with action links in those digests;
contact us for support; or
use the local edition of Envoy (self-hosted on your own infrastructure), where data processing described here applies to data Envoy processes on your behalf, but hosting location and some sub-processors may differ (see Section 12).
This policy does not cover third-party websites, email providers, or integrations you choose to connect outside of Envoy's control (for example, Google's own privacy practices for Gmail).
To provide the service, Envoy may:
Read unread and sent messages (and related metadata) from mailboxes you connect;
Classify messages (for example: action required, FYI, transactional, junk);
Draft reply suggestions in Gmail drafts. Envoy does not send email on your behalf without your explicit action;
Forward certain transactional messages (for example invoices) to accounting addresses you configure;
Store configuration, classifications, voice-learning data, and audit records needed to operate and improve the service for your account;
Send you HTML briefing digests and signed action links;
Learn from edits you make to drafts to refine future drafting style (voice profiles).
During onboarding and calibration, Envoy may scan a bounded window of your sent mail to infer communication patterns and persona assignments. Optional integrations (for example Linear notifications, outbound webhooks) process only data needed for those features.
When you register (via our authentication provider or local-edition setup), we may collect:
name and email address;
authentication identifiers (for example Clerk user ID when Clerk auth is enabled);
organization or role information you provide;
billing-related identifiers if you subscribe to a paid plan (payment card data is processed by our payment processor, not stored by Envoy);
preferences (briefing schedule, global instructions, plan tier).
When you authorize Envoy to access your email account, we access data permitted by the OAuth scopes you approve. For Gmail, these currently include:
Email content and metadata we process may include:
message bodies (plain text and HTML), subjects, and snippets;
sender and recipient names and email addresses;
dates, thread identifiers, and labels;
attachment metadata and, where configured, attachment contents for forwarding or PDF generation;
headers (including List-Unsubscribe where used for junk handling.
Envoy processes mail only for accounts you connect and only to deliver the features you enable.
whitelist / sender rules, blocklists, persona assignments, and standing instructions;
connected account registry (addresses, labels, routing context);
snooze, correction, and training inputs (including bracketed keyword commands sent to your briefing address);
voice-learning records (differences between Envoy drafts and messages you actually send);
persona profiles and confidence scores derived from scans or archive analysis.
OAuth tokens and refresh tokens (encrypted at rest);
API and action-server audit logs (who took an action, what changed, timestamps);
pipeline run metadata (accounts processed, counts, errors);
device/browser and network information typical of web services (IP address, user agent) for security and operations;
cookies or similar technologies used by our authentication and session layer.
Where enabled, server and pipeline logs apply PII redaction by default (see Section 8).
If you contact us, we collect the information you provide (email content, screenshots, logs you choose to share).
We use the information above to:
We do not sell your personal information. We do not use your mailbox content to train generalized third-party AI models for unrelated products. Email content is sent to our AI sub-processor only to provide classification, drafting, screening, briefing summaries, and related features for your account (see Section 6).
Envoy uses Anthropic's Claude API to classify messages, screen commercial mail, generate draft replies, synthesize voice-learning updates, and produce briefing summaries.
What is sent to Anthropic: User-role prompts may include email subject lines, message bodies, sender/recipient context, persona instructions, and your configured standing rules. Structured identifiers such as Social Security numbers, payment card numbers, and phone numbers are masked in user messages before the API call (replaced with placeholders such as [ssn], [card], [phone]). Email addresses are generally retained in prompts because they are needed for accurate classification and reply context.
What Anthropic does with it: Processing is governed by Anthropic's terms and privacy policy. We configure API usage for production inference; we do not authorize Anthropic to use your content to train their public models unless their product terms explicitly state otherwise for your account tier.
Your responsibility: Mailbox content may include personal information about your contacts, employees, clients, and other third parties. By connecting a mailbox, you represent that you have authority to allow Envoy and its sub-processors to process that content for the purposes described in this policy.
Envoy is operated from Canada (primary timezone: America/Toronto). We apply the following frameworks depending on your location and relationship to us:
We rely primarily on:
Consent: connecting a mailbox and using Envoy constitutes consent to the processing described here; you may withdraw consent by disconnecting accounts or deleting your Envoy account;
Contract: processing necessary to provide the service you requested;
Legitimate interests: security monitoring, abuse prevention, and service reliability, balanced against your rights.
Where U.S. state privacy laws apply (for example the California Consumer Privacy Act, as amended), we process personal information for the business purposes described above. We do not "sell" or "share" personal information for cross-context behavioral advertising as those terms are defined under applicable state laws.
If you are a California resident, you may have rights to know, delete, correct, and obtain a portable copy of certain personal information, and to opt out of sale/sharing (not applicable here as we do not sell data). See Section 11.
We implement technical and organizational measures appropriate to the sensitivity of mailbox data, including:
Encryption of OAuth tokens at rest in our database using application-level encryption (TOKEN_ENC_KEY);
Tenant isolation: application data is scoped by user account identifier; queries and mutations are designed to prevent cross-tenant access;
PII redaction in logs: when enabled (default), pipeline and server logs scrub sensitive patterns and collapse full message-body dumps;
Signed, time-limited action links for digest buttons;
Append-only audit logging for sensitive actions;
Least-privilege access to production systems for personnel who need it to operate the service.
No method of transmission or storage is completely secure. If you believe your account has been compromised, contact us at privacy@jaipteam.com and revoke Envoy's access in your Google Account security settings.
We do not currently hold formal third-party security certifications (for example SOC 2 or ISO 27001). If that changes, we will update this policy and our Trust Center.
We use trusted service providers who process data on our behalf. This list reflects the intended production stack; the local edition may omit some providers.
We may update this list as infrastructure changes (for example migration to Railway in Phase 5). Material additions will be reflected here and in the in-product Trust Center when available.
Command Center integration: Envoy may send optional outbound webhook payloads to a separate product ("Command Center") over HTTPS. That integration is HTTP-only; the systems do not share a database. Webhook delivery requires explicit configuration and shared secrets on both sides. If enabled, effort-update summaries derived from your email processing may be transmitted to your Command Center instance.
We retain information only as long as needed to provide the service, comply with legal obligations, resolve disputes, and enforce agreements.
For the life of your account, plus TBD after deletion
Until you disconnect the mailbox or delete your account (then revoked and deleted)
For the life of your account, plus TBD after deletion
TBD. Configurable cadence for profile regeneration; deleted with account
TBD. Security and compliance minimum
TBD. Rolling retention
As required by tax and accounting law TBD
When you delete your account or disconnect a mailbox, we delete or de-identify associated data within a reasonable period, subject to backup cycles and legal holds. Specific retention schedules will be published in the Envoy Trust Center as they are finalized.
You may request an export of your data (JSON bundle) through account settings when that feature is available, or by contacting privacy@jaipteam.com.
Depending on your jurisdiction, you may have the right to:
Access personal information we hold about you;
Correct inaccurate account information;
Delete your account and associated data;
Export a copy of your data in a portable format;
Withdraw consent by disconnecting mailboxes or stopping use of the service;
Object or restrict certain processing where applicable law provides that right;
Lodge a complaint with a privacy regulator (in Canada, the Office of the Privacy Commissioner of Canada; in the EU/UK, your local supervisory authority if GDPR/UK GDPR applies to your use).
To exercise these rights, use in-app controls (Connections, Settings, Trust Center) when available, or email privacy@jaipteam.com. We may verify your identity before fulfilling a request. We will respond within the timeframe required by applicable law.
Disconnect a mailbox: You can remove an account in Envoy and revoke access at Google Account Permissions. Revocation stops new processing; deletion timing is described in Section 10.
Marketing: If we send product updates or marketing email, you may opt out via the unsubscribe link. Transactional and service-related messages (for example security alerts, billing) may still be sent.
You may delete your Envoy account through the Trust Center / Settings (when available) or by contacting privacy@jaipteam.com.
Backups and audit logs may persist for a limited period per Section 10 before being purged or anonymized. Deletion does not remove copies of emails that remain in your Gmail mailbox or messages already forwarded to third parties (for example accounting inboxes).
Local edition: Self-hosted deployments store data on infrastructure you control. Account deletion behaviors in the local edition may be limited to a single principal user; you are responsible for destroying local database volumes and token files if you decommission a local install.
Envoy is based in Canada. Sub-processors (including Anthropic, Google, Clerk, Stripe, Cloudflare, and planned hosting providers) may process data in the United States and other countries. Where required, we rely on appropriate safeguards (for example contractual clauses and vendor security commitments) for cross-border transfers.
If you require data residency in a specific region, contact us before connecting production mailboxes; the standard SaaS offering does not currently guarantee regional data residency.
Envoy is not directed at children under 16 (or the age of digital consent in your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact privacy@jaipteam.com and we will take steps to delete it.
We may update this Privacy Policy from time to time. When we make material changes, we will post the updated policy at /envoy/privacy and update the "Last updated" date. For significant changes, we may notify you by email or in-app notice. Continued use of Envoy after the effective date constitutes acceptance of the revised policy, to the extent permitted by law.
Questions about this policy or our privacy practices:
Email: privacy@jaipteam.com
Attention: Privacy, Envoy
For data protection inquiries from EU/UK representatives or enterprise customers requiring a Data Processing Agreement (DPA), contact privacy@jaipteam.com with the subject line "DPA request."