CelEpiCelEpi
Sign in

Privacy Policy

Last updated: 15 June 2026

CelEpi is an email application that brings your mailboxes into one place, organised around the people you talk to. This policy explains what information CelEpi collects, how it is used, and the choices and rights you have. CelEpi is operated by Etheria Labs Ltd, a company registered in England and Wales (company no. 16833519) ("CelEpi", "we", "us").

If you have any questions about this policy, contact us at hello@celepi.app.

Information we collect

  • Account identity. When you sign in with Google, we receive your name, email address and your Google account identifier.
  • Your email and contacts. When you connect a Gmail or IMAP mailbox, CelEpi accesses your messages and contacts and can send mail on your behalf, so it can show you your inbox and let you reply. To make the app fast, recent message content is cached on our server.
  • Credentials. Gmail access is granted through Google's OAuth — we store the resulting tokens encrypted (AES-256-GCM). For IMAP mailboxes (such as BT, Yahoo or Outlook) we store your mail password encrypted (AES-256-GCM). We never store credentials in plain text.
  • Settings and activity within CelEpi. For example your signature, AI preferences, approved and blocked senders, snoozed conversations, scheduled emails, and which attachments you have opened.
  • Waitlist. If you join the beta waitlist, we store the email address and any message you choose to add.
  • Technical data. Standard server logs needed to run and secure the service.

Google user data and Limited Use

To provide its features, CelEpi requests permission to read your Gmail messages, send mail on your behalf, modify message state (for example marking as read or moving to trash), and read your contacts to power address autocomplete.

CelEpi's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We use Google user data only to provide and improve the user-facing email features in CelEpi.
  • We do not transfer Google user data except as needed to provide those features (see "Service providers" below), for security or legal reasons, or with your consent.
  • We do not use Google user data for advertising, and we do not sell it.
  • No human reads your email except where you specifically ask us to, where necessary for security or to comply with the law, or where the data has been aggregated and anonymised.

AI features

Some optional features — such as Smart Reply, thread summaries and AI drafting — work by sending the relevant message text to an AI provider at the moment you use the feature, and only to generate that result. You choose the provider by entering your own API key (for example Anthropic, Groq or Google Gemini); if no key is set, these features are off. We do not use your email to train any model, and your use of a provider is also subject to that provider's own terms.

How we use your information

We use your information to operate CelEpi: to sign you in, display and send your mail, provide the features you choose, keep the service fast and secure, and respond to you. We do not sell your data and we do not show advertising.

Our lawful bases under UK GDPR are: performing our agreement with you (to provide the service), your consent (for optional features such as AI), and our legitimate interests (to keep the service secure and working well).

Service providers

We rely on a small number of trusted providers to run CelEpi. They process data only on our behalf and under contract:

  • Vercel — application hosting.
  • Neon — encrypted database.
  • Upstash — encrypted cache and backup.
  • Google — when you connect a Gmail account.
  • Your chosen AI provider — only when you use an AI feature, as described above.

Data retention

We keep your information for as long as your CelEpi account is active. Cached message content expires automatically over time. When you delete your account, we delete your stored credentials, settings and cached data and revoke CelEpi's access to your Google account; backups and logs are cleared within a short period afterwards. CelEpi never deletes mail held in your own Gmail or IMAP mailbox.

Security

All credentials are encrypted at rest with AES-256-GCM, and traffic is encrypted in transit. Access is limited to what is needed to run the service. No system can be guaranteed perfectly secure, but we work to protect your data and to hold as little of it as possible.

Your rights

Under UK GDPR you have the right to access, correct, delete or export your personal data, and to object to or restrict certain processing. You can delete your account and associated data at any time from Settings, and you can disconnect a mailbox or revoke CelEpi's Google access from your Google account permissions. To exercise any other right, contact hello@celepi.app. You also have the right to complain to the UK Information Commissioner's Office (ICO).

International transfers

Our providers may process data outside the United Kingdom or European Economic Area. Where they do, appropriate safeguards (such as standard contractual clauses) apply.

Children

CelEpi is not intended for anyone under 18, and we do not knowingly collect data from children.

Changes to this policy

We may update this policy as CelEpi develops. We will change the "last updated" date above and, for significant changes, let you know in the app.

Contact

CelEpi — operated by Etheria Labs Ltd, a company registered in England and Wales (company no. 16833519). Email hello@celepi.app.