Privacy

Last updated May 6, 2026.

Neue connects to Gmail and Calendar only after you approve Google OAuth. We use that access to produce your briefing, draft replies you approve, search your inbox when you ask, and create calendar events when you ask.

We do not sell your data. We do not use Gmail or Calendar data for ads. We do not let humans browse your inbox from the product.

What we store

We store your account profile, connected mailbox metadata, encrypted OAuth tokens, generated briefing summaries, draft metadata, commitments, corrections, product events, and billing identifiers. We do not store raw email bodies.

How AI sees your email

Standard removes identifiers before cloud AI sees mailbox content. Private and Sovereign requests use provider paths configured for no training and no stored AI logs. If that route is unavailable, Neue refuses instead of silently using a less private path.

When the product shows your own email back to you (when a read surface ships), it runs through a separate user-facing redaction that masks third-party identifiers — embedded CC addresses and phone numbers in the body — while leaving your own content intact. The full policy lives at docs/privacy/read-email-policy.md in the repository.

Google API data

Neue's use and transfer of information received from Google APIs follows the Google API Services User Data Policy, including the Limited Use requirements. We use Google data only for the user-facing features you request.

Delivery channels

Neue delivers briefings through one channel per exec.

| Channel | Vendor sees plaintext? | Vendor retains body? | Meta-controlled? |
| --- | --- | --- | --- |
| WhatsApp | Yes (Twilio + Meta) | Yes (~30 days) | Yes |
| Signal | No (E2E) | No | No |

Retention

We hold reconstructed briefing summaries and draft replies for 90 days, then NULL the text columns. We hold product-event detail blobs for 180 days, then NULL the detail. Row counts stay so we can still tell you "Neue read 4,238 emails this month," but the LLM-generated content past those windows is gone. The retention cron runs nightly at 04:00 UTC.

Contact and support

Privacy questions, deletion help, or anything off about the product goes to support@neue.work. A human reads every message. We acknowledge within one business day.

Your controls

You can download a JSON of everything Neue holds about you from Settings (Article 20). You can delete your account in the same place; that cascades a wipe across every table referencing your user id and leaves only an opaque deletion tombstone (Article 17). Disconnecting a mailbox removes the stored connection without erasing the account.

The export endpoint is GET /api/account/export. The deletion endpoint is POST /api/account/delete with body {"confirm_text":"delete my data"}. Both require an authenticated session cookie.

Cookies and tracking

Neue sets exactly one cookie: neue_session, an HMAC-signed session token. No third-party analytics. No advertising trackers. No fingerprinting scripts. No cross-site tracking pixels. Logging out clears the cookie; deleting your account invalidates it server-side.

Sub-processors

Neue uses the following sub-processors to deliver the service. Each row names the role and what data they see.

| Sub-processor | Role | Data exposure |
| --- | --- | --- |
| Supabase | Postgres hosting (EU/US) | All persisted Neue data (encrypted at rest) |
| Anthropic | LLM (Standard tier) | Redacted email content, ZDR-enrolled, no training |
| OpenRouter | LLM routing | Redacted email content, routed only to ZDR providers |
| Google | Gmail + Calendar OAuth | Customer-controlled access; Neue never proxies |
| Twilio | WhatsApp delivery | Phone number + briefing message text |
| Vercel | App hosting | Request logs only; no email content reaches Vercel logs |
| Modal | Enterprise tier compute (opt-in) | Tenant-isolated; only when explicitly enabled |

Modal only runs for Enterprise tier customers who explicitly enable the dedicated compute path. Standard and Sovereign tiers never touch Modal.