Data & Privacy

Your data. Your control.

Vigil is built on a simple principle: we process your email without keeping it. This page explains exactly what we store, what we discard, how we protect what remains, and what rights you have over your data.

What Vigil Never Has Access To

  • Your inbox. Vigil never connects to Gmail, Outlook, or any email provider. No OAuth tokens, no API connections, no inbox permissions. You forward emails to us. We only see what you choose to send.
  • Email bodies. The content of every email is processed in memory and discarded immediately after analysis. Email bodies are never written to disk, never stored in a database, never logged. We cannot retrieve the original content of any email.
  • Attachments. We do not process, store, or read email attachments.

What We Store

We store only what the agent needs to track your obligations over time:

  • Email metadata — sender address, recipient address, subject line, timestamps (when it was sent, when it was delivered, when Vigil received it). This is the envelope, not the letter.
  • Agent analysis — a one-sentence summary, the sender's intent, urgency level, and extracted entities (names, dates, amounts). This is generated by AI, not raw email content.
  • Thread state — conversation groupings, status (active/watching/resolved/ignored), participant list, email count.
  • Agent memories — atomic facts the agent chose to remember: deadlines, amounts, commitments. Each memory has an importance level and can be viewed, edited, or deleted by you.
  • Action log — every decision the agent made: what tool it used, why, what model processed it, how much it cost, how long it took.
  • Account data — email address, hashed password, BYOK API keys (stored encrypted).

What You Can See and Do

Every piece of data Vigil stores about you is visible in your dashboard:

  • Inbox tab — every email that was processed, with the agent's analysis
  • Activity tab — every action the agent took, with its reasoning
  • Memory tab — every fact the agent remembers, editable and deletable by you
  • Settings — your agent's prompt, tools, reactivity, model, and channels
  • Developer page — your API keys with usage tracking
  • Billing page — your current usage and cost, with Stripe portal access

You have full visibility into everything Vigil knows about you. There is no hidden data.

Data Protection Measures

Encryption

  • All data in transit is encrypted via TLS 1.2+ (HTTPS enforced with HSTS)
  • Passwords are hashed with industry-standard one-way hashing (never stored in plain text)
  • API keys are hashed before storage — we cannot see your full key after creation

Access Control

  • Authentication via JWT tokens with short expiry
  • API key authentication for programmatic access
  • Rate limiting on all endpoints (auth, API, email ingestion)
  • CORS restricted to vigil.run domains only

Infrastructure Security

  • Firewall: only ports 22 (SSH, key-only), 80, and 443 are open
  • SSH: password authentication disabled, key-based access only
  • SSL certificates auto-renewed via Let's Encrypt
  • Security headers: HSTS, X-Frame-Options DENY, X-Content-Type-Options nosniff, XSS protection
  • Webhook payloads signed with HMAC-SHA256 for verification

Email Body Discarding

When an email arrives, it is parsed in memory. The agent reads the body, generates its analysis, and the body is then discarded. A SHA-256 hash of the body is stored as a proof-of-receipt (cryptographic proof that we received a specific email, without storing the content). This hash cannot be reversed to recover the original email.
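
How a proof-of-receipt of this kind can work, as an added example that is not Vigil's code. The function names, the record fields, and the choice to hash the text body with normalised line endings are assumptions, since this page does not say which bytes are hashed.

```python
import hashlib
import hmac
from email import message_from_bytes, policy

# Constructed sample message (not real mail).
SAMPLE = (
    b"From: billing@example.com\r\n"
    b"To: me@example.org\r\n"
    b"Subject: Invoice 1042 due Friday\r\n"
    b"Date: Mon, 02 Mar 2026 09:15:00 +0000\r\n"
    b"Content-Type: text/plain; charset=utf-8\r\n"
    b"\r\n"
    b"Hi,\r\nInvoice 1042 for $1,200 is due Friday.\r\n"
)

def _parse(raw: bytes):
    """Return (message, canonical body bytes) without touching disk."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    # Assumed canonical form: LF line endings, surrounding whitespace trimmed,
    # so a relay rewriting CRLF does not change the digest.
    return msg, text.replace("\r\n", "\n").strip().encode("utf-8")

def ingest(raw: bytes) -> dict:
    """Build the stored record: envelope metadata plus a body digest only."""
    msg, body = _parse(raw)
    return {
        "sender": str(msg["From"]),
        "recipient": str(msg["To"]),
        "subject": str(msg["Subject"]),
        "sent_at": msg["Date"].datetime.isoformat(),
        "body_sha256": hashlib.sha256(body).hexdigest(),
    }  # body goes out of scope here; nothing in the record contains it

def verify_receipt(record: dict, claimed_raw: bytes) -> bool:
    """Check a message the user still holds against the stored digest."""
    _, body = _parse(claimed_raw)
    digest = hashlib.sha256(body).hexdigest()
    return hmac.compare_digest(digest, record["body_sha256"])

if __name__ == "__main__":
    rec = ingest(SAMPLE)
    print(rec)
    print(verify_receipt(rec, SAMPLE))
```

Because the digest is unkeyed, the same comparison works for anyone who holds both the stored record and a candidate copy of the message.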

Third-Party Services

  • Stripe — handles payment processing. We never see your full card number. Stripe's privacy policy applies to payment data.
  • OpenAI / Anthropic / Google — email content is sent to the selected AI model provider for analysis. Their data processing terms apply. Email content is not stored by these providers for model training when using API access.
  • Resend — delivers alert emails. Receives only the alert content (not the original email body).
  • Cloudflare — routes incoming email via MX records. Processes raw MIME data in transit.

Data Retention

  • Email metadata and analysis — retained until you delete the thread or your account
  • Agent memories — retained until you delete them, the agent marks them obsolete, or you delete your account
  • Action logs — retained for the lifetime of the watcher
  • Account data — retained until you delete your account

Your Rights

  • Access — all your data is visible in your dashboard at all times
  • Edit — you can edit agent memories and watcher configuration
  • Delete — you can delete individual threads, memories, watchers, or your entire account
  • Export — you can access all your data via the API using your API key
  • Portability — your data is accessible via standard REST API in JSON format

Account Deletion

When you delete your account, all associated data is permanently removed: watchers, threads, email metadata, memories, action logs, and API keys. This action is irreversible.

Changes to This Policy

If we change how we handle your data, we will notify you via the email address on your account before the changes take effect. Continued use of Vigil after notification constitutes acceptance of the updated policy.

Contact

Questions about your data or privacy? Email privacy@vigil.run.

Last updated: March 14, 2026