Privacy Policy
Get Started
Privacy
Privacy
At Canary, safeguarding your business data is a top priority. As privacy regulations evolve globally—driven by frameworks like the EU’s General Data Protection Regulation (GDPR)—organizations are rightfully demanding greater transparency, control, and accountability. Canary fully supports these standards and is committed to ensuring that Shared Inbox by Canary meets the highest levels of compliance and trust.
We understand that our customers—ranging from startups to enterprises—entrust us with sensitive communications and workflows. Our business depends on maintaining that trust by delivering secure, reliable, and privacy-conscious tools. Below is a summary of our data practices aligned with GDPR and other global privacy standards. For more detailed information, you can access our full privacy policy here.
The data Shared Inbox by Canary accesses depends on your team’s usage and the features you enable. By default, we do not access or store the content of your email messages.
To provide core functionality, we may process:
Workspace and user-level data such as names, work email addresses, and role-based permissions
Authentication tokens (e.g., OAuth) to connect with email servers
Training documents and emails for instant replies, smart reply suggestions and analytics
Assignment rules, and inbox configurations
This data is stored securely and is never shared with third parties without your consent.
Our AI leverages cutting-edge language models from providers like OpenAI, Azure, AWS, Google, Anthropic, and others. These models power features such as auto-drafting replies, answering queries and analyzing top issues.
We’ve opted out of data sharing agreements with these providers. Your team’s data:
Will not be used to train or improve third-party models
Will not be used for profiling or advertising
May be processed temporarily on secure servers to enable AI features
Any personalized ML models, such as those used for prioritization or user-specific suggestions, are trained and stored securely—either on-device or within your team’s encrypted environment. No team data is ever used to train models across organizations.
The information we collect is used only to operate and maintain Shared Inbox by Canary. We do not use cookies or similar technology to show you interest-based advertising, nor do we extract data from the content of your emails for tracking or advertising purposes.
We do use certain data we collect from you for internal purposes such as analyzing how Canary is used, diagnosing service or technical problems, and maintaining security. This includes information such as the marketing channel from which you learned about and downloaded Canary Mail, how often you use it, aggregated usage data, and other performance data.
Canary’s use of information received from Gmail APIs adheres to Google's Limited Use Requirements.
We use collected data strictly to operate and improve Shared Inbox by Canary. We do not serve ads, nor do we extract or monetize content from your communication data.
We may use:
Aggregated usage metrics to identify performance bottlenecks
Crash reports and diagnostic information (only if you enable this option)
Feature engagement data to refine user experience
We rely on vetted third-party vendors for infrastructure, analytics, support, and monitoring. These include cloud hosting providers, database services, and tools for customer success. All vendors handling personal data are bound by strict Data Processing Agreements (DPAs) that reflect GDPR and similar requirements.
Wherever possible, we minimize the scope of data shared—preferring anonymized or aggregated data—and ensure access is limited to what is essential.
Your organization can control integrations such as Slack, Google Drive, or other third-party tools. These are opt-in and can be disconnected at any time.
We implement rigorous security measures to protect the integrity and confidentiality of your data, including data from Google services. All data is encrypted in rest and in transit.
Under the GDPR, if you are an EU citizen you have the right
to access your personal data
to be provided with information about how your personal data is processed
to have your personal data corrected
to have your personal data erased in certain circumstances
to object to or restrict how your personal data is processed
to take any complaints about how we process your data to the DataProtection Authority in your country
Shared Inbox by Canary is a product of Cartasec Pte. Ltd. For questions about this privacy overview or our data protection practices, reach us at hello [at] canarymail.io.
