Security

Your inbox is sacred. We treat it that way.

Ignord reads your email threads to find missed opportunities — then forgets what it read. Here's exactly how we handle your data, what we store, and what we don't.

What we access

When you connect your Gmail or Outlook account, you grant Ignord read-only access to your inbox via OAuth. This means we can read your email threads but cannot send, delete, move, or modify any messages.

Specifically, we access: email thread metadata (sender name, sender email, recipient email, dates, message count); message content, temporarily, to extract engagement signals and detect commercial intent; and email headers to identify newsletters, automated senders, and calendar invites.

We do not access your drafts, contacts list, calendar, Google Drive, OneDrive, or any other service connected to your account.

What we store

After processing your email threads, Ignord stores only the extracted metadata and scores — never the raw content. Here's exactly what lives in our database:

Contact names and email addresses.

Thread activity dates (first message, last message).

Thread engagement metrics (message count, direction of last message).

AI-generated scores (Opportunity Score, commercial intent level, engagement level).

AI-generated flags (commitment detection, 'almost there' indicators).

Your account preferences (scan depth, cold threshold, digest frequency).

Your calibration choices and filter rules (whitelist/blocklist).

Your actions on threads (hidden, snoozed, actioned).

What we never store

These items are never written to our database under any circumstances:

Email subject lines (used briefly during calibration, then discarded).

Email body content or message text.

Attachments or files.

Full conversation transcripts.

Images within emails.

Your email password (we use OAuth tokens, never passwords).

When our AI processes a thread, it reads the content, extracts structured signals, and discards the raw text immediately. The content exists in memory during processing and is never persisted.

What we never do

Send emails on your behalf — Ignord has read-only access and cannot compose, send, or reply to any message.

Delete, move, or modify your emails — your inbox remains exactly as it was before you connected.

Share your data with third parties — no advertisers, no data brokers, no partner companies. Your data stays between you and Ignord.

Use your data to train AI models — we use AI to analyse your threads, but your data is never used as training data for any model, including our own.

Sell your data — our business model is subscriptions, not data monetisation. We make money when you pay for Pro, not by selling your information.

Access your inbox in the background without purpose — our webhook system receives a notification when new email activity occurs, but we only fetch and process thread data when generating your dashboard view or preparing your digest email.

You're always in control

Disconnect your inbox at any time from your dashboard settings. When you disconnect, scanning stops and your OAuth tokens are deleted — but your existing thread data, scores, and filters are preserved so you can reconnect later and pick up where you left off.

Delete your entire account and all associated data at any time using the Delete Account option in settings. This removes everything: your profile, your connected account tokens, all thread metadata, all filter rules, and all calibration history. Deletion completes within 24 hours.

Manage your filters to control what Ignord sees. Whitelist domains you care about, blocklist senders you don't. Your calibration choices and manual filter rules give you granular control over which conversations appear on your dashboard.

Choose your scan depth — scan the last 30 days or up to 12 months. Set your cold threshold to match your sales cycle. Configure your digest frequency and delivery preferences. Every setting is in your hands.

Our infrastructure

Ignord is hosted on Vercel (application) and Supabase (database), both running on AWS infrastructure in the United States. All data is encrypted at rest using AES-256 encryption and in transit using TLS 1.2+.

OAuth tokens are stored encrypted in our database and are never exposed to client-side code. Token refresh happens server-side, and tokens are automatically invalidated when you disconnect your inbox.

We are working toward SOC 2 Type 2 compliance and will update this page when certification is achieved. If you have specific security requirements or questions, contact us at security@ignord.com.

FAQ

Common questions

We store contact names, email addresses, thread activity dates, message counts, engagement scores, and AI-generated metadata like commercial intent signals and commitment detection flags. We also store your account preferences, calibration choices, and filter rules. We never store email subject lines (except briefly during the calibration step, then discarded), message bodies, attachments, or full conversation content.

No. Ignord requests read-only access to your inbox during the OAuth connection. The permission scope we request (gmail.readonly for Gmail, Mail.Read for Outlook) physically cannot send, delete, or modify emails. This is enforced by Google and Microsoft at the API level — it's not just our policy, it's a technical limitation we chose deliberately.

No. We use third-party AI models (currently Anthropic's Claude) to analyse your email threads and extract structured signals. Your email content is sent to the AI for processing, but it is not retained by the AI provider and is not used for model training. Anthropic's API has a zero-data-retention policy — content sent via the API is not stored or used for training. On our side, we discard the raw content immediately after processing and only store the extracted metadata.

When you disconnect your inbox, scanning stops and your OAuth tokens are deleted immediately. Your existing data — thread records, scores, filters, and calibration history — is preserved so you can reconnect later and pick up where you left off. To permanently delete all data, use the Delete Account option in settings. Account deletion removes everything within 24 hours.

Only you. Your data is isolated to your account using row-level security in our database. No other Ignord users can see your data. Ignord staff do not have access to individual user data in the normal course of operations. We do not have a 'team view' or 'admin panel' that exposes user inbox data.

Yes. The free tier is free forever with no credit card required. It includes a 30-day scan, your top 5 stale opportunities, and basic filters. The Pro tier ($19/month or $190/year) unlocks unlimited opportunities, 12-month scans, real-time monitoring, daily/weekly digests, and advanced features like commitment detection and 'almost there' flags.

Questions not covered here? security@ignord.com