Security & Trust

Privacy Policy

Last updated: June 4, 2026

1. Introduction

At Nivi Email, we understand that your email communications contain sensitive, confidential, and proprietary business information. We are committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, process, secure, and disclose information when you use our Business Email Service, Unified Workspace, and associated platforms.

As a provider of business-class communication tools, Nivi Email primarily acts as a Data Processor under applicable global data protection laws (including GDPR and CCPA). Our customers (businesses, organizations, and administrators subscribing to our service) act as the Data Controllers. If you are an individual end-user whose mailbox is managed by your employer or an organization, their privacy policy govern the control of your mailbox.

2. Information We Collect & Host

We process information necessary to deliver a stable, reliable, and secure email routing and hosting system. This includes:

  • Account & Administration Data: When administrators sign up for Nivi Email, we collect names, corporate email addresses, company names, billing details, and billing addresses. We use this strictly to manage subscription lifecycles.
  • Email Transmission Metadata: To route and deliver emails, our system processes metadata including sender and recipient email addresses, mail servers involved, timestamps, IP addresses of originating servers, delivery routes, and email sizes.
  • Mailbox Content & Attachments: We host the email messages, calendar events, address books, tasks, and files uploaded to your account. This content is stored securely on servers specified in your customer agreement and is strictly kept confidential.
  • AI Processing Data: If your organization enables our AI features (such as Smart Compose, Thread Summarization, or Tone & Sentiment Analysis), we temporarily process email content or thread histories to generate AI models' suggestions. See Section 6 for detailed AI privacy boundaries.
  • Security & Abuse Monitoring Logs: We compile technical logs of sign-ins, IP locations, access attempts, API queries, and automated email deliverability diagnostics to prevent malicious logins, virus propagation, and outbound spam.

3. How We Process Your Data

We process your business information solely to execute our service commitments, specifically for the following purposes:

  • Service Delivery: Hosting, transmitting, and organizing emails, syncing with mobile clients via ActiveSync, and maintaining shared team folders.
  • Security, Spam, and Virus Filtering: Utilizing inbound/outbound spam filters, domain reputation monitors, and sandbox environments to inspect mail for malware, safeguarding your organization's network and deliverability.
  • AI Automation: Providing context-aware drafts, sentiment checks, and thread summaries when actively initiated by the user.
  • Technical Troubleshooting: Analyzing system logs on an aggregated, pseudonymized basis to resolve delivery errors and network bottlenecks.

Strict Ad-Free Policy: We do NOT analyze, parse, or scan your email content or attachments for marketing, profiling, or target advertisement purposes. Your mailbox content remains entirely yours.

4. Data Storage & Encryption

Your communication data is protected through enterprise-grade encryption standard methodologies:

  • Encryption in Transit: All connections to our mail servers (SMTP, IMAP, POP3, and webmail clients) are protected with TLS/SSL encryption. We support and enforce Strict Transport Security (HSTS) and secure SPF, DKIM, and DMARC verification.
  • Encryption at Rest: Mailboxes, shared drive assets, and configurations are stored using AES-256 standard encryption keys.
  • Physical Security: Data is hosted in SOC 2 Type II certified cloud environments with strict logical access controls and physical perimeter monitoring.

5. Data Retention & Deletion

We respect your right to control your storage timeline:

  • User-Controlled Deletion: Emails moved to the "Trash" or "Junk" folders are automatically purged within 30 days, or immediately if manually deleted by the user.
  • Subscription Termination: Upon subscription termination, all customer data, including mailboxes, calendars, contacts, and logs, will be permanently deleted from our primary systems within 60 days, and from offline encrypted backups within 90 days.

6. AI Integration & Confidentiality

Nivi Email features optional built-in AI productivity enhancements. When utilized, the following policies apply:

  • No Model Training: None of the data, email text, thread history, or metadata processed by Nivi Email's AI features is used by us or our model sub-processors (such as Google Cloud Vertex AI, OpenAI, Anthropic, or Microsoft Azure) to train public foundation models.
  • Data Isolation: AI requests are stateless, processed in secure containers, and discarded immediately after the response is generated.
  • Admin Control: Organization administrators can disable all AI features enterprise-wide at any time through the administration control console.

7. Subprocessors & Third Parties

We share metadata or account details with trusted third parties strictly to facilitate business operation:

  • Infrastructure Providers: Hosting and storage servers (e.g., AWS / Google Cloud Platform).
  • Billing & Payments: PCI-compliant payment gateways (e.g., Stripe, Razorpay) to process payments safely.
  • Deliverability Analytics: Diagnostic tools to check mail blacklists and DNS configurations.

All subprocessors are bound by strict data processing agreements matching the terms of this Privacy Policy.

8. International Compliance (GDPR, CCPA)

We comply with major international frameworks:

  • GDPR (Europe): We provide Standard Contractual Clauses (SCCs) and a comprehensive Data Processing Addendum (DPA) to cover data transfers from the EU/EEA.
  • CCPA / CPRA (California): We act as a service provider and do not "sell" or "share" personal information of our corporate users.
For rights inquiries (access, rectification, portability, erasure), please contact your company's network administrator or reach out to our DPO at support@nivi.email.

9. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our infrastructure, security protocols, or international regulatory guidelines. Significant updates will be highlighted via your admin dashboard or via direct notification.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our security infrastructure, please contact us at:

Nivi Email Security & Compliance Team
Email: support@nivi.email