Privacy by Design

Your emails are private. We built Canopy Mail with privacy as a core principle, not an afterthought.

Emails Stay With Your Provider

We never store your emails. They remain on Gmail, your IMAP server, or wherever they belong.

Industry-Standard Encryption

All sensitive data is encrypted with AES-256-GCM before storage. OAuth tokens and IMAP credentials are always encrypted.

Tracking Protection

External images and tracking pixels are blocked by default. You control what loads in your emails.

Where your messages actually live

When you connect Gmail, your messages stay on Google's servers — we just give you a faster, better way to read them. For full data sovereignty, connect via IMAP to a European provider like mailbox.org, Posteo, or Tuta — or run your own mail server.

What Data We Store

Account Information

Stored (encrypted where sensitive)

  • Email address (for login)
  • Display name
  • Profile picture URL (from Google)
  • Subscription status

Never Stored

  • Google password (OAuth only)
  • Any personal data beyond what's needed for the service

Email Account Connections

Stored (encrypted where sensitive)

  • Gmail: OAuth tokens (encrypted) - allow access without your password
  • IMAP: Server credentials (AES-256-GCM encrypted)
  • Server hostnames and ports (for IMAP accounts)

Never Stored

  • Your actual emails - they stay with your email provider
  • Email attachments
  • Contacts or address books

App Settings & Preferences

Stored (encrypted where sensitive)

  • Theme preference (dark/light/system)
  • Account accent colors
  • Email signatures (per account)
  • Keyboard shortcut customizations

Scheduled Actions

Stored (encrypted where sensitive)

  • Snoozed email IDs and scheduled return times
  • Scheduled send times (references to draft IDs only)
  • Pinned email IDs

Never Stored

  • Email content for snoozed emails
  • Draft content for scheduled sends - stays in your provider's drafts

AI Features & Your Data

You choose your AI provider in app settings. We support Mistral (Europe-hosted, our default), Anthropic, and OpenAI — or you can turn AI off entirely. Whichever provider you pick, here's exactly what data is sent and how it's handled.

AI is Opt-In Only

AI features are only available to Pro subscribers and must be explicitly triggered by you. Your emails are never automatically processed or analyzed. You decide when and which emails to summarize.

Email Summarization

Get AI-generated summaries of long emails and threads with key points and action items.

Data sent to AI

Email subject and body content is sent to the AI model.

Data cached

Summaries are cached (encrypted) to avoid re-processing the same email.

Cached summaries can be refreshed or deleted at any time.

AI Compose

Generate email drafts from natural language prompts.

Data sent to AI

Your prompt and optionally the email you're replying to.

Data cached

Nothing cached - generated content goes directly to your compose window.

Email Enhancement

Improve, fix errors, change tone, shorten, expand, or translate your email drafts.

Data sent to AI

The draft content you want to enhance.

Data cached

Nothing cached - enhanced content replaces your draft immediately.

About Our AI Providers

We pick AI providers based on how they handle your data, not on which one is cheapest. Every provider we integrate has to meet the same baseline:

  • Data sent via API is not used to train their models
  • Strict, time-bounded retention — for trust & safety only
  • Enterprise-grade security and privacy standards

Mistral (Default)

French AI company hosted in Europe. Full EU data residency. Recommended for users who need their AI requests to stay within the EU.

Anthropic (Claude)

US-based AI safety company. Data sent via API is not used to train their models and is retained for 30 days for trust & safety only.

OpenAI

US-based AI company. Data sent via API is not used to train their models by default.

You can switch providers any time in app settings — or turn AI off entirely.

Gmail vs IMAP: Authentication Differences

Gmail (OAuth)

  • We never see your Google password
  • Google issues limited-scope access tokens
  • You can revoke access from Google anytime
  • Tokens encrypted with AES-256-GCM

IMAP (Encrypted Credentials)

  • Password encrypted with AES-256-GCM
  • Encryption key separate from database
  • TLS/SSL required for server connections
  • Remove account anytime to delete credentials

Your Data Rights

Delete Your Account

Delete your account from Settings. This immediately removes all your data from our servers, including linked accounts, settings, and cached summaries.

Remove Linked Accounts

Unlink individual email accounts anytime. This removes stored tokens/credentials and any cached data for that account.

Export Your Data

Your emails already live with your email provider. Settings and preferences can be viewed in the app at any time.

Revoke Gmail Access

You can revoke Canopy Mail's access to your Gmail account anytime from your Google Account settings.

Questions about privacy?

We're happy to answer any questions about how we handle your data.