Elenor privacy policy

Elenor was made to make email less painful, not to get weird about your data. This page explains what the app and website do with personal information in plain English.

Last updated: 5 May 2026

Who we are

Elenor is a Windows email application created by Roger Chappell from Media Two. For privacy questions, you can contact us through mediatwo.com.au.

What information Elenor accesses

Elenor is an email client, so it needs access to the kinds of information that email clients normally handle, including:

  • Email addresses, names, and contact details
  • Email messages, message previews, and attachments
  • Folder names, favourites, rules, and other mail settings
  • Outgoing mail details such as recipients, CC, BCC, and signatures
  • Account settings needed to connect to your mail provider
  • OAuth tokens and sign-in details needed to connect to providers such as Google or Microsoft

Google account access

If you choose to connect a Gmail or Google Workspace account to Elenor, Elenor may use Google APIs to access your email account so it can read, send, organise, and display your mail within the app.

Google account data accessed by Elenor is used only to provide and improve the email features you choose to use inside Elenor. It is not sold, and it is not used for advertising.

If you disconnect your Google account from Elenor, remove the account from the app, or revoke access through your Google account permissions, Elenor will no longer be able to access that Google account through Google APIs.

Elenor uses security procedures to help protect Google user data. Connections to Google services are intended to use encrypted transport such as HTTPS and TLS, and locally stored sign-in secrets such as OAuth tokens are intended to use Windows-protected storage rather than plain text.

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How Elenor uses that information

Elenor uses this information only to provide the features you would reasonably expect from an email app, such as:

  • Connecting to your email account
  • Downloading and displaying messages and folders
  • Sending messages you create or schedule
  • Saving local drafts, contacts, rules, favourites, and settings
  • Helping with features like junk filtering, autocomplete, archive, and send later
  • Providing optional AI features, including rewrite and Morning Cuppa briefs, if you choose to use them

AI features and subscriptions

Elenor includes optional live generative AI features. If you choose to use AI rewrite, Elenor sends the selected draft text, rewrite settings, and the email address of the sending account to our AI service at ai.elenor.com.au.

If you choose to use Morning Cuppa, Elenor may send selected unread email details from the morning brief period, such as sender, subject, preview text, and relevant body text, to our AI service so the brief can be generated.

Our AI service uses OpenAI to generate the rewritten text or brief and return it to Elenor. This information is used only to provide the AI feature you asked for.

To manage free usage, subscriptions, and monthly limits, we may store limited account and usage records such as your email address, requested AI feature, rewrite tone where relevant, usage counts, character counts, token counts, timestamps, response status information, and IP address.

If you do not use AI features, your draft text or morning brief message content is not sent to our AI service for those features.

If you purchase an Elenor AI subscription through the Microsoft Store, billing and payment processing are handled by Microsoft, not by Elenor.

Where your data is stored

Elenor stores app data locally on your Windows device, including cached mail data, settings, contacts, rules, and scheduled messages.

Passwords are intended to be stored using Windows-protected storage rather than plain text. Your email messages and attachments may also continue to exist on your email provider's servers, depending on how your provider works and how you use the app. OAuth tokens may also be stored locally using Windows-protected storage.

What Elenor sends over the internet

Elenor connects to your chosen email provider using the server settings for that account. That means it transmits email and account-related data to and from your mail provider so the app can work.

If you choose to use AI features, Elenor also transmits the selected draft text, selected morning brief email content, and related request details to our AI service so the requested result can be returned to the app.

Elenor is not a hosted email service. It connects you to your own email service.

How we protect your data

Security procedures are in place to help protect the confidentiality of the personal information Elenor handles, including Google user data.

  • Elenor is intended to use encrypted connections such as SSL/TLS or HTTPS when talking to supported mail providers, sign-in providers, and our AI service.
  • Passwords, app passwords, and OAuth tokens are intended to be stored using Windows-protected storage tied to the current Windows user account rather than plain text files.
  • Access to connected account data is limited to the features you choose to use inside Elenor, such as reading, sending, organising, rewriting email, or generating a Morning Cuppa brief.
  • We try to minimise the amount of data sent to third-party services and only transmit what is needed for the feature you asked Elenor to perform.

What we do not do

  • We do not sell your personal information.
  • We do not run Elenor as a hosted mailbox service.
  • We do not read your email content for advertising.
  • We do not use your email content to build advertising profiles.
  • We only share data with third parties where needed to connect to your mail provider, provide optional AI features, process Microsoft Store subscriptions, or where required by law.

Third-party services

Elenor may interact with third-party services you choose to use, including:

  • Your email provider, such as Gmail or a custom IMAP/SMTP host
  • Google or Microsoft identity and mail services, if you choose to connect those accounts
  • Our AI service at ai.elenor.com.au, if you choose to use AI features
  • OpenAI, which is used to generate AI responses
  • Microsoft Store, if you download Elenor, update it, or purchase an Elenor AI subscription through the Store
  • Website hosting or CDN providers used to deliver the Elenor website or downloads

Those services have their own privacy policies and practices.

Security

We take reasonable steps to protect the data Elenor stores and uses, including using Windows-protected local secret storage and encrypted network connections where supported. No software or internet transmission can be guaranteed to be perfectly secure, so you should also protect your own device, email passwords, app passwords, and account recovery options appropriately.

Your choices

You can control much of the data Elenor stores by using the app settings and your device settings, including by:

  • Removing accounts from Elenor
  • Deleting local app data from your device
  • Managing contacts, favourites, junk rules, and scheduled messages within the app
  • Choosing whether or not to use AI features such as rewrite or Morning Cuppa
  • Changing or removing connected accounts at the provider level
  • Revoking OAuth access through your Google or Microsoft account settings where applicable

Changes to this policy

We may update this privacy policy from time to time. If we do, the updated version will be posted on this page with a revised date.

Contact

If you have questions, feedback, or a genuinely brilliant idea about Elenor and privacy, please contact us via Media Two.