Privacy Policy


Effective Date: January 10, 2025

Last Updated: Aug 25, 2025

Filo Mail ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our services. By using Filo Mail, you agree to the practices described in this policy. If you do not agree, please refrain from using our services.


1. Information We Collect

We collect only the information required to deliver and improve Filo Mail.

1.1 Account Information

  • Name, email address, and password (hashed).
  • Optional profile details you choose to provide.

1.2 Email Metadata

  • Sender, recipient, timestamp, and subject line (needed for features such as categorization and prioritization).
  • We do not store the body of your emails.

1.3 Usage Data

Anonymous information about how you interact with Filo Mail—feature usage, settings, crash data—used strictly to improve performance and reliability.


2. How We Use Your Information

We process your information solely to provide, maintain, and enhance the service.

  • AI Assistance – Temporary analysis of email content to power summarization, categorization and priority alerts.
  • Push Notifications – Inform you of high-priority or time-sensitive messages.
  • Customer Support – Investigate and resolve issues you raise.

We never use your data to train AI models and we never sell personal information.

2.1 Our Role and Legal Bases for Processing

We act as a Controller for account data, telemetry, and website analytics, and as a Processor for the content of emails you connect to Filo (e.g., Gmail messages and attachments), which we process only under your instructions to provide the service.

Legal bases (where applicable under the GDPR/UK GDPR):

  • Contract – to provide and support the services you request.
  • Legitimate Interests – to ensure security, prevent abuse, and improve reliability using aggregated/de-identified analytics.
  • Consent – for optional marketing communications and non-essential cookies/trackers.

3. Data Security

We employ layered defences to protect the confidentiality, integrity, and availability of your information:

  • All data in transit is protected with TLS 1.3 and perfect forward secrecy (PFS).
  • AES-256 encryption at rest backed by AWS KMS; customer master keys rotate every 90 days.
  • Isolated production VPC and hardened build pipeline.
  • Quarterly penetration tests and continuous vulnerability scanning.
  • Nitro Enclaves isolate sensitive AI inference workloads.

Despite our best efforts, no system is completely secure; safeguard your credentials accordingly.

In the event of a security incident affecting personal data, we will notify affected users without undue delay and, where applicable, notify regulators within 72 hours of becoming aware. Where inference occurs on third-party AI platforms, their execution environments are outside of our AWS Nitro Enclaves; our controls there focus on transport security, access minimization, and provider-level data-use restrictions.


4. Data Sharing

We do not sell or share your data except:

  • Service Providers – Trusted partners who must process data to provide the service and are bound by strict confidentiality.
  • Legal Requirements – To comply with applicable law or valid legal process.
  • Business Transfers – In connection with a merger, acquisition, or sale of assets, subject to this Policy.

5. Data Lifecycle & Retention

Filo never keeps data longer than necessary:

Data Category | Retention Window | Deletion Mechanism
Messages & attachments (server-side) | Not stored - streamed live from Gmail API | Cryptographic shred
Search queries (Gmail API passthrough) | Zero retention - streamed live from Gmail API | Automatic shard destruction
LLM cache | Ephemeral RAM only | Wiped after inference
Application logs | 30 days | Log rotation & shred
To-Dos (user-created or AI-suggested) | Retained until you delete them or delete your account |
AI-generated summaries | Up to 90 days | Auto-deleted after the 90-day window
OAuth tokens | Stored encrypted for as long as access is authorized | Revoked on account deletion or user revocation

Deletion timers run on immutable CloudWatch Rules and cannot be paused or altered by human operators.


6. Third-Party Sub-processors

Provider | Region | Purpose | Encryption
Amazon Web Services | us-west-2 | Compute, storage, key management | AES-256-KMS
Cloudflare | Global | WAF, DDoS, Zero-Trust gateway | TLS 1.3 / mTLS
Google-Gemini | Global | AI Summaries · To-Do extraction · Compose/Reply · Chat (no training; enterprise retention controls) | TLS 1.3 PFS
Anthropic-Claude | us-west-2 | AI Summaries · To-Do extraction · Compose/Reply · Chat (no training; enterprise retention controls) | TLS 1.3 PFS
OpenAI-Azure | us-east-2 | AI Summaries · To-Do extraction · Compose/Reply · Chat (no training; enterprise retention controls) | TLS 1.3 PFS
Sentry SaaS | us-west-2 | Crash telemetry (PII stripped) | AES-256-GCM

We update this list whenever we add or remove a sub-processor.


7. AI Data Handling & Model Safety

  • Requests to the language model are encrypted in transit and routed to a zero-retention endpoint.
  • Plaintext is never written to disk; inference happens in volatile memory only.
  • Model outputs are not written back into any training set.
  • You can disable all AI features per mailbox or across your workspace (Planned).
  • We configure our AI providers with zero-retention/logging-off settings where available and contractually supported.

8. Responsible Disclosure

We welcome security research and community feedback:

We acknowledge reports within 5 business days and remediate confirmed issues within 45 days.


9. Key Management & Encryption

  • Summaries and To-Dos generated by Filo are encrypted at rest with AES-256 using AWS-managed envelope keys, and encrypted in transit via TLS 1.3/SSL.
  • Encryption keys are centrally managed in AWS Key Management Service (KMS) and rotated automatically every 90 days.
  • User login credentials—including password hashes and OAuth tokens—are encrypted at rest with AWS‑managed AES‑256.
  • Only short‑lived, in‑memory data keys are used during processing; no plaintext keys are ever written to disk.
  • TLS 1.3 with forward secrecy secures all traffic between clients, servers, and sub‑processors.

10. Your Privacy Rights

Under GDPR (Articles 15-20) you may request access, correction, export, or deletion of your data at any time.

Email [email protected]

We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.


11. OAuth Scope Transparency

Filo requests one and only one Google OAuth scope—the all-in-one Gmail scope. We keep it simple and transparent:

Scope | Why We Need It
https://mail.google.com/ | Grants read, send, and modify rights in your mailbox. Required for Smart Inbox classification, AI Summaries, To-Do extraction, Compose/Reply assistance, and label management.

  • No additional Google scopes are requested.
  • Access is granted via OAuth tokens; we never see or store your Google password.
  • Tokens are encrypted at rest (AES-256 with AWS KMS) and transmitted over TLS 1.3.
  • Filo's implementation has passed Google's Cloud App Security Assessment (CASA) Tier 3 review.

12. Cookies & Tracking Technologies

Filo Mail uses cookies and similar technologies to maintain your session, remember preferences (e.g., language), and measure aggregate/de-identified usage statistics via Google Analytics. Where required by law, analytics only runs after you consent via the banner. We do not use advertising or cross-site retargeting cookies.

Your choices. You can manage cookies in your browser settings (e.g., block or clear cookies and site data for this domain). We honor Global Privacy Control (GPC) signals where supported and will not enable non-essential cookies unless you later provide consent. For assistance, contact [email protected].

U.S. notice (CPRA). We do not sell or share personal information as defined by the CPRA. Because we do not sell or share data and do not engage in cross-context behavioral advertising, a “Do Not Sell or Share My Personal Information” link is not required. If our practices change, we will update this Policy and provide the appropriate link.


13. Children and Age Requirements

Our services are not directed to children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided personal data, please contact us and we will take appropriate steps.


14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If significant changes are made, we will notify you via email or through a notice on our website. Your continued use of Filo Mail constitutes acceptance of the revised policy.


15. Contact Us

If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].


16. International Transfers & Data Residency

Primary region: Our production infrastructure is located in the United States (AWS). We do not currently host or store data in the EEA or the UK.

If you are located in the EEA/UK, your personal data will be transferred to and processed in the United States, and, where relevant, in other countries where our service providers operate.

Transfer safeguards: We rely on the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), along with technical and organizational measures (e.g., TLS 1.3 in transit, AES-256 at rest, AWS KMS key management, least-privilege access, and auditing).