Privacy Policy
What data TELVRIX collects, how it's used, and your rights.
Closed beta
TELVRIX is pre-release, closed-beta software. Formal compliance certifications (SOC 2, GDPR DPA) and automated deletion SLAs are not yet in place. Do not use TELVRIX for regulated health data (PHI), payment card data (PCI), or other legally regulated content.
Data we collect
Account data
- Email address (used for login and account identification)
- Display name (optional, user-provided)
- Account creation date
Mailbox connection data
- IMAP host, port, username — encrypted at rest
- IMAP password — AES-256-GCM encrypted; never logged or displayed
- SMTP host, port, username, password — same encryption
Synced email data
- Message metadata: sender name, subject, date, folder, flags (read/starred/etc.)
- Message body: plain text and HTML content (stored for display and search)
- Recipient headers (To, CC) for sent message display
- Attachment metadata: filename and content-type (not the file bytes)
- Thread relationships: grouping messages into conversations
Note: TELVRIX stores email content in a Supabase database to enable offline access and full-text search. This is the core function of the service.
App-generated data
- Labels you create and apply
- Draft emails (stored until sent or deleted)
- Contacts extracted from your mail for autocomplete
- Signature content you write
- Response templates you create
- Workspace events (connect mailbox, invite member, etc.)
How we use your data
To provide the service: We sync your emails, store them for display, and use the content for search and filtering within your account only.
No content analysis for advertising: We do not read, analyze, or process your email content for advertising, behavioral profiling, or any purpose other than providing the email client features.
No data selling: We do not sell, rent, or share your personal data or email content with third parties for their commercial purposes.
Service improvement: Aggregate usage patterns (e.g., feature adoption rates, error rates) may be analyzed to improve the product. This does not involve reading email content.
Operator access: Platform operators can view mailbox health status and aggregate system metrics. They cannot access your email content, subjects, or credentials through the admin interface.
Data retention
Messages are retained according to your plan's retention policy (e.g., 30 days for Free). Deleted messages move to trash and are permanently removed after 30 days.
Disconnecting a mailbox removes the mailbox record and credentials. Synced messages are not automatically deleted when you disconnect — you can delete them manually or contact support.
Account deletion removes all associated data. During closed beta, account deletion requires contacting the operator team directly (Supabase dashboard → Auth → Users).
Your rights
During closed beta, you can:
- Access: All your data is accessible through the TELVRIX interface.
- Export: Contact the operator team to request a data export.
- Delete: Delete messages, labels, and drafts directly in the app. For full account deletion, contact the operator team.
- Disconnect: Disconnect any mailbox at any time in Settings → Mail → Accounts.
Formal rights requests (GDPR Article 17, CCPA deletion) will be supported via a formal process before general availability.
Cookies and tracking
TELVRIX uses session cookies for authentication (HttpOnly, SameSite=Lax). No advertising cookies, tracking pixels, or third-party analytics scripts are loaded by the app.
Read receipts (optional, opt-in per email) use a 1×1 tracking pixel in the sent email. The recipient's open event is recorded when the pixel loads. This feature is only active when you explicitly enable it.
Contact
For data requests, privacy questions, or concerns during closed beta, contact the operator team directly. A formal privacy contact address will be published before general availability.