Privacy
Your strategy is your intellectual property. We are architected not to see it.
Last Updated: March 2026
Zero-Knowledge
Consul processes emails and files exclusively in your device's volatile memory (RAM). Data is wiped instantly upon session termination.
We do not own servers that store your message bodies, attachments, or passwords. We literally cannot surrender your data because we do not hold it.
Your executive data is never used to train our AI models (LLMs). Your context remains isolated.
The Black Paper
Section 1: Data Collection & Identity
We collect only Account Metadata necessary to operate your subscription: your email address for login and subscription status via Adapty. We do not collect Content Data such as email bodies or file contents.
Company Memory — decisions, goals, and facts you surface during board meetings — is stored in Firebase Firestore under your account and is deleted upon account deletion.
Section 2: The AI Processing Pipeline
AI responses are generated via Claude (Anthropic) and Gemini (Google). Requests are routed through our Firebase Cloud Functions proxy so your API credentials are never exposed client-side. Data is transmitted via enterprise-grade encryption for inference only and is not retained for model training by either provider under their enterprise terms.
Section 3: Device Security (Secure Enclave)
Email passwords you connect via IMAP are stored exclusively in the device's native Keychain (iOS Secure Enclave). These credentials are never transmitted to Consul servers. Consul cannot read or export these keys.
Section 4: Third-Party Integrations
Email integrations use IMAP only — no proprietary provider APIs. Access occurs via standard IMAP credentials authorized by you and stored locally as described in Section 3. Calendar access (EventKit) is used solely to schedule action items you explicitly approve.
Section 5: Your Rights (Deletion)
Deleting the app removes all local indexes, keys, and cached data from your device. To delete your account data (company memory, subscription metadata) from our servers, contact us at legal@theconsul.app. We will process deletion requests within 30 days.
Security Details
Transport Security
All outbound requests use modern TLS with HSTS. Inference calls to LLM providers are encrypted in transit and scoped to stateless sessions. We do not retain request payloads server-side.
Key Storage & Tokens
Credentials are stored in the operating system's secure key store (Keychain/Keystore). Refresh tokens are scoped with least privilege. Revocation is immediate upon unlinking an integration.
Local Indexes
Context indexes live locally and are purged on uninstall or explicit reset. Ephemeral caches expire on session end. We do not export or sync these indexes to cloud services.
Boundary Model
Integrations operate within user-approved scopes only. Data access is limited to your selections (e.g., chosen mailboxes, calendars, and folders). No background collection occurs outside granted scopes.