Most of your mail never reaches an AI model. Here is exactly what happens, in order, to every message that arrives.
People you know skip the AI entirely. Links are screened on every message either way, so a malicious link is caught even from a sender you trust.
A complete account of what we collect, where it goes, and how long we keep it. Our full legal policy covers the rest.
Sieve classifies every incoming message, but most mail never reaches an AI model. Senders you already have a relationship with, including your team, anyone you have corresponded with, and anyone in an existing thread, are handled entirely by fixed, deterministic rules, and their mail is never sent to the AI. Only mail from senders you have no relationship with is passed to the classifier.
For each message, Sieve keeps a small record of classification metadata for 90 days: a one-way hash of the sender, the sender's domain, the label applied, the signal that drove the decision, a timestamp, and the version of the classifier that ran. We do not store message bodies, snippets, the model's reasoning, or any contact graph.
The only content we retain is the subject line of mail flagged as Solicitor or Malicious, which is encrypted with AES-256-GCM and deleted automatically after 30 days. Mail that is left alone has nothing stored beyond the metadata above.
When a message from someone you do not know reaches the classifier, three things are sent to the AI for a single classification: the subject, a truncated excerpt of the plain-text body of roughly 2,000 characters, and a set of technical signals. The data is never used to train any model and is deleted after 30 days. Your contact list and relationship history never leave our servers.
Sieve requests a single Gmail permission,
gmail.modify, which allows it to read incoming mail,
apply labels, and keep your inbox filtered. We do not request
access to your contacts, your drafts, or the ability to send mail
on your behalf. Both the product design and our internal controls
keep that permission scoped to classification and labeling.
Sensitive fields are encrypted at rest with AES-256-GCM, and all data is encrypted in transit with TLS. Everything is hosted in the United States, and row-level security is enforced on every table, so one account can never reach another account's data.
Account deletion is self-serve and takes effect immediately. Deleting your account removes all of your data, disconnects Gmail, and cancels any active billing in a single step, with no support ticket and no waiting period. Flagged subject lines and classification metadata are removed along with everything else.
The controls behind the promises above, grouped by what they protect.
In progress Our Google CASA Tier 2 lab audit is complete. Our SOC 2 Type II is part of our launch process and still underway — we will describe it as complete only once it is independently verified.