Publisher and data controller
SVNK Technologies acts as the data controller for Aquila account, billing, security, and service operation data. Mailbox content remains under the control of the user and the mailbox provider selected by the user.
View company registryData we process
Aquila processes the minimum data needed to authenticate users, connect mailboxes, issue API or OAuth credentials, enforce access control, and provide MCP email tools.
- Account data, such as email address and authentication identifiers.
- Mailbox metadata, such as mailbox address, provider, host settings, connection status, and user-defined inbox names.
- Encrypted mailbox credentials required to connect to IMAP and SMTP servers.
- API key and OAuth grant metadata, including key names, selected mailboxes, scopes, creation dates, expiration dates, and revocation status.
- Operational logs and audit events needed for security, abuse prevention, debugging, and service reliability.
Emails and attachments are streamed from the user's mailbox to the authorized agent request path when a tool call requires them. Aquila does not store email bodies or attachments by default.
Email host integrations
Aquila connects to email hosts only when a user chooses to connect a mailbox, and only for the purpose of making that mailbox available to AI agents the user has authorized. Depending on the host, Aquila uses OAuth authorization or the user-provided IMAP and SMTP settings to read messages, create drafts, send mail, organize folders, update labels or tags, and perform other mailbox actions requested through approved MCP tools.
These integrations are not used for advertising, user profiling, data resale, model training, or independent monitoring of a mailbox. Email content is retrieved only when an authorized agent request requires it, and Aquila does not store email bodies or attachments by default.
- Gmail
- Outlook
- iCloud Mail
- OVH Mail
- Namecheap Private Email
- Spaceship Spacemail
- Infomaniak Mail
- mailbox.org
- Fastmail
- Zoho Mail
- IONOS Mail
- GoDaddy Professional Email
- 123 Reg
- SiteGround Email
- OpenSRS
- Rackspace Email
- One.com Email
- Yahoo Mail
- AOL Mail
- Hostinger Email
- Orange Mail
- Custom IMAP/SMTP hosts
Security model
Aquila implements administrative, technical, and organizational safeguards designed to protect user data and reduce operational risk. No online service can guarantee zero risk, but the service is built to avoid unnecessary storage and to limit access by design.
- Mailbox credentials are protected at rest with encrypted secret storage.
- API keys, OAuth access tokens, refresh tokens, and authorization codes are stored as HMAC-SHA-256 hashes and are not stored in plaintext.
- Email bodies and attachments are fetched on demand for authorized agent requests and are not stored by default.
- Sensitive request fields such as passwords, tokens, API keys, and email content are redacted from application logs.
- MCP operations are authenticated, rate-limited, bounded by result and attachment limits, and scoped to the mailboxes selected by the user.
Processors and sharing
Aquila uses infrastructure providers such as Google Cloud, Firebase Authentication, Firestore, Cloud Run, and Firebase/Google Analytics to operate and improve the service. Analytics events are used to understand aggregate behavior such as sign-up, plan selection, mailbox connection, API key creation, and feature usage; they are not designed to include mailbox addresses, email content, passwords, API keys, or OAuth tokens. Aquila also keeps aggregate counts of analytics consent accept and reject choices to monitor opt-in rates. When a user connects Aquila to an AI agent or MCP client, data may be sent to that agent or client according to the mailbox access and scopes approved by the user.
SVNK Technologies does not sell user mailbox data. Data may be disclosed where required by law, to protect the service against abuse, or to operate the service with trusted processors under appropriate confidentiality and security obligations.
Retention and deletion
Account data, mailbox configuration, encrypted credentials, API keys, OAuth grants, and audit logs are retained for as long as needed to provide Aquila, secure the service, comply with legal obligations, and resolve disputes. Users can disable or delete connected mailboxes and revoke API keys or OAuth grants from the dashboard.
When a mailbox is deleted, Aquila deletes the stored credential reference for that mailbox. Backups, security logs, and infrastructure-level records may persist for a limited period before routine deletion.
Service limits and data loss
Aquila is not an email hosting, backup, archive, or recovery service. Users remain responsible for maintaining access to their mailbox provider, preserving mailbox backups where needed, and reviewing any action performed by an authorized agent.
To the maximum extent permitted by applicable law, SVNK Technologies is not liable for data loss, mailbox provider outages, user misconfiguration, revoked credentials, actions requested by the user through connected agents, or failures outside Aquila's reasonable control.
Your rights
Subject to applicable law, users may request access, correction, deletion, restriction, portability, or objection regarding personal data processed by SVNK Technologies for Aquila. Users may also lodge a complaint with a competent data protection authority.
Requests should identify the Aquila account concerned and the right being exercised. SVNK Technologies may need to verify the requester's identity before acting on a request.