Privacy
Your strategy is your intellectual property. We are architected not to see it.
Last Updated: February 2026
Zero-Knowledge
Consul processes emails and files exclusively in your device's volatile memory (RAM). Data is wiped instantly upon session termination.
We do not own servers that store your message bodies, attachments, or passwords. We literally cannot surrender your data because we do not hold it.
Your executive data is never used to train our AI models (LLMs). Your context remains isolated.
The Black Paper
Section 1: Data Collection & Identity
We collect only the Account Metadata necessary to operate your subscription: your email address for login, and your subscription status via RevenueCat/Stripe. We do not collect Content Data such as email bodies or PDF contents.
Section 2: The AI Processing Pipeline
Requests are stateless. Data sent to LLM providers (e.g., Gemini/OpenAI) is transmitted via enterprise-grade encryption for inference only and is not retained for learning.
Section 3: Device Security (Secure Enclave)
App passwords and OAuth tokens are stored in the device's native Keychain/Keystore (Secure Enclave). Consul cannot export these keys.
Section 4: Third-Party Integrations
Integrations use IMAP only. No Graph, no proprietary provider APIs. Access occurs via standard IMAP credentials authorized by you.
Section 5: Your Rights (Deletion)
Since we store no data, deleting the app from your device effectively destroys all local indexes and keys. To delete your subscription metadata, contact us.
Security Details
Transport Security
All outbound requests use modern TLS with HSTS. Inference calls to LLM providers are encrypted in transit and scoped to stateless sessions. We do not retain request payloads server-side.
Key Storage & Tokens
Credentials are stored in the operating system's secure key store (Keychain/Keystore). Refresh tokens are scoped with least privilege. Revocation is immediate upon unlinking an integration.
Local Indexes
Context indexes live locally and are purged on uninstall or explicit reset. Ephemeral caches expire on session end. We do not export or sync these indexes to cloud services.
Boundary Model
Integrations operate within user-approved scopes only. Data access is limited to your selections (e.g., chosen mailboxes, calendars, and folders). No background collection outside granted scopes.