Sortfully docs
Main site Open app

Privacy & your data

Exactly what Sortfully can and can't see, and your controls.

Sortfully is built around one hard rule: it never reads the body of your messages or any attachment. This page sets out exactly what it does and doesn't read.

What Sortfully reads

To file a message by its sender, Sortfully reads routing metadata:

  • The sender's address and domain — to decide which organisation it's from.
  • The time the message arrived.
  • The folder structure of your mailbox — so it can file into the right place.

By default it also reads the subject line of filed messages and records it, with the sender address, in your own activity log (this is the detailed activity log, below). You can switch any mailbox to metadata-only.

What Sortfully never reads

  • The message body — never, under any setting.
  • The message preview — never, under any setting.
  • Attachments — never, under any setting.

This isn't only a promise. The single piece of code allowed to talk to Microsoft about messages is locked to an allow-list, and the project's automated build fails if any code ever tries to request a message body, preview or attachment. The subject line is read through one reviewed path only (the detailed log), and the same build gate blocks it anywhere else.

The detailed activity log

The detailed activity log is on by default, because it gives you a verifiable record of what was filed: alongside the sender domain, folder, mode and time, it records the subject line and sender address of each filed message in your log and exports. Message bodies and attachments are never touched either way.

You're offered the choice during setup, before you connect a mailbox, and you can change it per mailbox any time afterwards. Switch a mailbox to metadata-only and only the sender domain, folder, mode and time are kept; you can also purge the subjects and addresses already captured. On a team, an admin may manage this setting for everyone. See Settings.

How long records are kept

Your audit log entries are kept for a retention window — 30 days on a standard account, configurable (default 90) on business plans. Older entries are pruned automatically, and exports only cover entries still inside the window.

Your data, your control

  • Disconnect a mailbox at any time to remove its mappings, history and stored access. Your actual mailbox and folders are untouched. (Settings)
  • Cancel your plan and your data enters a recovery window before permanent deletion — resubscribe to keep it, or delete it immediately. (Billing)
  • Everything Sortfully has ever done is visible and reversible in the audit log.

Support diagnostics

If you contact support and they need to investigate, they can switch on temporary diagnostics for your account. While active you'll see a banner saying so, with an end time. Diagnostics collect anonymised technical data only — never your email content.

For the full legal detail, see the privacy policy, terms and data processing agreement on the main site.