Elenor privacy policy

Elenor was made to make email less painful, not to get weird about your data. This page explains what the app and website do with personal information in plain English.

Last updated: 30 May 2026

Who we are

Elenor is an email application for Windows, Android, iPhone, and iPad, created by Roger Chappell from Media Two. For privacy questions, you can contact us through hello@elenor.com.au.

What information Elenor accesses

Elenor is an email client, so it needs access to the kinds of information that email clients normally handle, including:

  • Email addresses, names, and contact details
  • Email messages, message previews, and attachments
  • Folder names, favourites, rules, and other mail settings
  • Outgoing mail details such as recipients, CC, BCC, and signatures
  • Account settings needed to connect to your mail provider
  • OAuth tokens and sign-in details needed to connect to providers such as Google or Microsoft
  • On mobile devices, contacts you choose to use for recipient suggestions
  • Notification settings and unread counts used to show new mail alerts
  • Files, photos, or documents you choose to attach, save, open, or insert into messages

Google account access

If you choose to connect a Gmail or Google Workspace account to Elenor, Elenor may use Google APIs to access your email account so it can read, send, organise, and display your mail within the app.

Google account data accessed by Elenor is used only to provide and improve the email features you choose to use inside Elenor. It is not sold, and it is not used for advertising.

If you disconnect your Google account from Elenor, remove the account from the app, or revoke access through your Google account permissions, Elenor will no longer be able to access that Google account through Google APIs.

Elenor uses security procedures to help protect Google user data. Connections to Google services are intended to use encrypted transport such as HTTPS and TLS, and locally stored sign-in secrets such as OAuth tokens are intended to use device-protected storage, such as Windows-protected storage, Android secure storage, or the iOS Keychain, rather than plain text.

The use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

How Elenor uses that information

Elenor uses this information only to provide the features you would reasonably expect from an email app, such as:

  • Connecting to your email account
  • Downloading and displaying messages and folders
  • Sending messages you create or schedule
  • Saving local drafts, contacts, rules, favourites, and settings
  • Helping with features like junk filtering, autocomplete, archive, and send later
  • Providing optional AI features, including rewrite and Morning Cuppa briefs, if you choose to use them
  • Restoring accounts and settings to Elenor Mobile from an Elenor cloud backup or desktop setup QR code
  • Showing mobile notifications for new mail if you enable them

AI features and subscriptions

Elenor includes optional live generative AI features. If you choose to use AI rewrite, Elenor sends the selected draft text, rewrite settings, and the email address of the sending account to our AI service at ai.elenor.com.au.

If you choose to use Morning Cuppa, Elenor may send selected unread email details from the morning brief period, such as sender, subject, preview text, and relevant body text, to our AI service so the brief can be generated.

Our AI service uses OpenAI to generate the rewritten text or brief and return it to Elenor. This information is used only to provide the AI feature you asked for.

To manage free usage, subscriptions, and monthly limits, we may store limited account and usage records such as your email address, requested AI feature, rewrite tone where relevant, usage counts, character counts, token counts, timestamps, response status information, and IP address.

If you do not use AI features, your draft text or morning brief message content is not sent to our AI service for those features.

If you purchase an Elenor AI subscription through the Microsoft Store, Google Play, or Apple's App Store, billing and payment processing are handled by the relevant store provider, not by Elenor.

Cloud backup and mobile setup

Elenor can optionally back up selected app settings so you can restore them later or set up Elenor Mobile without typing everything again. This may include account names, email addresses, server settings, folders, favourites, rules, signatures, contacts, and other app preferences.

If you choose to include saved passwords in a cloud backup or mobile setup QR code, Elenor encrypts that backup data before it leaves your device. The recovery code or QR setup key is needed to decrypt it. If you do not choose to include saved passwords, Elenor may still store password reminders or incomplete password hints where available, but not the full password.

Mobile setup QR codes are short-lived and are intended to be used once. They are there to save you from retyping the whole inbox circus by hand.

Attachments and temporary links

If you choose to upload a large attachment instead of sending it directly through your email provider, Elenor may upload that file to Elenor's server and insert a download link into your message. These links are intended to be temporary and may expire after a limited period, such as 7 days.

We may store the uploaded file, filename, file size, upload time, expiry time, download token, and download count so the link can work and so we can manage storage and bandwidth. Do not use temporary attachment links for material that should never be accessible by anyone who has the link.

Mobile contacts, notifications, and files

On Android, iPhone, and iPad, Elenor Mobile may ask for access to your contacts if you choose to use contact suggestions in the composer. Contact data is used to help address email and is not sold or used for advertising.

Elenor Mobile may ask for notification permission so it can show new mail alerts. You can turn notifications off in Elenor or in your device settings.

Elenor Mobile may also ask for access to files or photos when you choose to attach a file, save an attachment, insert an image, or open a document. Elenor does not browse your files or photos unless you choose something for the app to use.

Where your data is stored

Elenor stores app data locally on your device, including cached mail data, settings, contacts, rules, and scheduled messages.

Passwords and OAuth tokens are intended to be stored using device-protected storage, such as Windows-protected storage, Android secure storage, or the iOS Keychain, rather than plain text. Your email messages and attachments may also continue to exist on your email provider's servers, depending on how your provider works and how you use the app.

What Elenor sends over the internet

Elenor connects to your chosen email provider using the server settings for that account. That means it transmits email and account-related data to and from your mail provider so the app can work.

If you choose to use AI features, Elenor also transmits the selected draft text, selected morning brief email content, and related request details to our AI service so the requested result can be returned to the app.

Elenor is not a hosted email service. It connects you to your own email service.

How we protect your data

Security procedures are in place to help protect the confidentiality of the personal information Elenor handles, including Google user data.

  • Elenor is intended to use encrypted connections such as SSL/TLS or HTTPS when talking to supported mail providers, sign-in providers, and our AI service.
  • Passwords, app passwords, and OAuth tokens are intended to be stored using device-protected storage tied to the current user or device account rather than plain text files.
  • Access to connected account data is limited to the features you choose to use inside Elenor, such as reading, sending, organising, rewriting email, or generating a Morning Cuppa brief.
  • We try to minimise the amount of data sent to third-party services and only transmit what is needed for the feature you asked Elenor to perform.

What we do not do

  • We do not sell your personal information.
  • We do not run Elenor as a hosted mailbox service.
  • We do not read your email content for advertising.
  • We do not use your email content to build advertising profiles.
  • We only share data with third parties where needed to connect to your mail provider, provide optional AI features, process store subscriptions, or where required by law.

Third-party services

Elenor may interact with third-party services you choose to use, including:

  • Your email provider, such as Gmail or a custom IMAP/SMTP host
  • Google or Microsoft identity and mail services, if you choose to connect those accounts
  • Our AI service at ai.elenor.com.au, if you choose to use AI features
  • OpenAI, which is used to generate AI responses
  • Microsoft Store, Google Play, or Apple's App Store, if you download Elenor, update it, or purchase an Elenor AI subscription through a store
  • Website hosting or CDN providers used to deliver the Elenor website or downloads

Those services have their own privacy policies and practices.

Security

We take reasonable steps to protect the data Elenor stores and uses, including using device-protected local secret storage and encrypted network connections where supported. No software or internet transmission can be guaranteed to be perfectly secure, so you should also protect your own device, email passwords, app passwords, and account recovery options appropriately.

Your choices

You can control much of the data Elenor stores by using the app settings and your device settings, including by:

  • Removing accounts from Elenor
  • Deleting local app data from your device
  • Managing contacts, favourites, junk rules, and scheduled messages within the app
  • Choosing whether or not to use AI features such as rewrite or Morning Cuppa
  • Changing or removing connected accounts at the provider level
  • Revoking OAuth access through your Google or Microsoft account settings where applicable

Changes to this policy

We may update this privacy policy from time to time. If we do, the updated version will be posted on this page with a revised date.

Contact

If you have questions, feedback, or a genuinely brilliant idea about Elenor and privacy, please contact us at hello@elenor.com.au.