ISURA
Back to operations
Privacy policy

Your inbox stays yours.

How ISURA collects, processes, and protects the data you connect — written in plain language, not legal templates.

Effective: May 11, 2026

Private pilot

ISURA is currently in private pilot. Features and system behavior may evolve during testing.

Read the pilot status →
01

What we collect

When you connect a mailbox, ISURA receives the message metadata and content needed to perform cognitive analysis: sender, recipients, subject, body, timestamps, thread identifiers, and attachment filenames. We also store basic account information (your email, optional name, company, and role) and product telemetry strictly scoped to reliability — not behavioral profiling.

02

Why we process it

We process this data for one purpose: to surface real operational consequences in your inbox and quiet the rest. We do not profile you, we do not sell data, and we do not enrich it with third-party sources.

03

Gmail OAuth permissions

ISURA connects to Gmail through Google's official OAuth flow. We request the minimum scopes needed: read message metadata and content, and (if you enable approval-based replies) prepare drafts that wait for your explicit click. We never request "send on your behalf" scopes that would allow autonomous sending.

Your Google credentials never reach us. You can revoke access at any time from your Google account or directly inside ISURA.

04

How AI processes your data

AI inference runs only when needed to fulfil a live request from your workspace. Processing is transient — the provider does not retain your message content beyond the call. ISURA never uses your private email to train any model: ours, our providers', or anyone else's. This is contractual, not optional.

05

Third-party providers

ISURA relies on a small set of subprocessors: a managed cloud database, a transactional email provider for system messages, and AI inference providers bound by zero-retention agreements. A current list is available on request to privacy@isura.tech.

06

Storage, encryption, and security

All traffic is encrypted with TLS 1.3. Stored data is encrypted at rest with AES-256. OAuth tokens are isolated per workspace and rotated automatically. Production access is restricted, audited, and requires multi-factor authentication.

07

Your rights — GDPR and KVKK

You can request access, correction, export, or deletion of your data at any time. Disconnecting your inbox revokes tokens immediately and purges stored analysis artifacts within 24 hours. Email privacy@isura.tech to exercise any GDPR or KVKK right.

08

No training on your private email

To repeat what matters most: your messages are not used to train any model — ours, our providers', or anyone else's.

Questions or requests?

Reach our privacy and trust team directly. We respond within five working days.

privacy@isura.tech