Email/message content for summarization, classification, and draft reply generation
Never used for model training. Retained only within OpenAI's limited abuse-monitoring window, then deleted.
United States
User accounts, encrypted OAuth tokens, AI-generated summaries, conversation metadata, audit logs
Retained until removed by our automated retention jobs or account deletion
EU (eu-west) or US region
HTTP requests, serverless function execution. No persistent storage of user content.
Function logs retained for 30 days. No user content stored.
Global edge, primary US/EU
Request counters and rate-limit keys (user IDs or IP addresses). No message content.
Counters expire automatically with the rate-limit window (1–60 minutes)
Global
Customer email, subscription status, payment method tokens. Fyltre never sees or stores full card details.
Per Stripe's retention policy; payment records kept for legal/financial compliance
United States / Ireland (EU)
OAuth tokens (encrypted at rest); Gmail API calls to fetch and send email on your behalf
Fyltre stores encrypted OAuth tokens only. Email content fetched on demand.
Global (Google Cloud)
OAuth tokens (encrypted at rest); Slack API calls to read messages and channels on your behalf
Fyltre stores encrypted OAuth tokens only. Message content fetched on demand.
Global (AWS)
OAuth tokens (encrypted at rest); Microsoft Graph API calls to fetch emails and messages
Fyltre stores encrypted OAuth tokens only. Email content fetched on demand.
Global (Azure)
Change notification
No surprises. Ever.
We provide at least 30 days’ notice before engaging a new subprocessor or materially changing how an existing one processes personal data. Team and Enterprise customers can subscribe to change notifications by contacting security@fyltre.com.
Questions about our subprocessors? security@fyltre.com