This policy explains what personal data Sortfully collects, why, and what rights you have. The defining feature of Sortfully is what it doesn't collect: we never read the content of your emails — not the body, not attachments, and not the subject line unless the detailed filing log is on (it's on by default, and you can turn it off at any time). This isn't just a promise; it's enforced in our code. See "What we never access" below.
1. Who we are
Sortfully is operated by Adam Harman, a sole trader trading as "Sortfully". We are the "data controller" for the personal data described in this policy, except where we act as a "data processor" for business customers (see Section 11).
- Contact / privacy questions: dpo@sortfully.app
2. What Sortfully does
Sortfully connects to your Microsoft Outlook / Microsoft 365 mailbox and automatically files incoming mail into folders (or applies colour-coded category labels) grouped by the sender's organisation domain. To do this, it reads only routing metadata about your messages — who sent them and when — never their content.
3. What data we collect
a. Account information
- Your email address and display name.
- A password, only if you create one (accounts that sign in with Microsoft don't need one).
- Your Microsoft account identifiers (object ID and user principal name), used to identify your mailbox.
- Two-factor authentication trusted-device tokens, stored only as a hash.
b. Mailbox routing metadata
For each message we file, we process only the following fields, and no others:
- Message ID and internet message ID (to locate and undo moves)
- Sender address and domain (to decide the destination folder)
- Folder the message is in
- Date/time received
- Outlook categories (your own labels) and read/unread status
We hold a connection ("refresh") token to your mailbox so filing can run in the background. It is encrypted at rest and is never written to logs.
c. Optional detailed filing log ("enhanced audit")
This is on by default — it's the recommended setting — and you can turn it off at any time. You're offered the choice during setup, before you connect your mailbox, so if you switch it off first, nothing beyond routing metadata is ever logged. (Your organisation's admin can also set this for everyone.) While it's on, your filing log also records the subject line and sender address of filed messages, so you can see exactly what was moved. Even so, message bodies and attachments are still never accessed.
d. Billing information
Payments are handled by our payment provider, Paddle, which acts as the merchant of record. We store your subscription status, plan, seat count, and Paddle customer/subscription identifiers. We do not store your full card details — Paddle does.
e. Anti-abuse fingerprint
To enforce our "one free trial per person" rule, when a trial ends we keep a one-way cryptographic fingerprint (HMAC) of your email address — never the plaintext address, and with no link back to your account. This lets us recognise a repeat trial without storing who you are, and it deliberately survives account deletion.
f. Technical and security data
Standard server and security logs (e.g. IP address, timestamps, error diagnostics) used to operate the service, prevent abuse, and debug problems.
4. What we never access
This is enforced in our code, not just our policy. Every read of your mailbox passes through a single component that is hard-coded to request only the metadata fields listed in Section 3(b)/(c). It will refuse — and our automated build will fail — if any code ever tries to request:
- the body or body preview of a message
- the subject line (except through the single reviewed path used for the detailed filing log)
We cannot read your email content, and we do not sell your data.
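An added illustration of the enforcement pattern Section 4 describes, written for this page and not taken from Sortfully's code: one choke-point function builds the Microsoft Graph `$select` list from a fixed allowlist, `subject` is only obtainable when the caller is the reviewed detailed-filing-log path, and a build-time check flags any raw `$select=` literal elsewhere in the code base. Graph field names are real; the Python names are hypothetical.

```python
import re

# Routing metadata the policy allows on every read (Section 3b), as Graph field names.
ROUTING_FIELDS = frozenset({
    "id", "internetMessageId", "from", "parentFolderId",
    "receivedDateTime", "categories", "isRead",
})
# The only field the detailed filing log (Section 3c) may add, and only via one path.
AUDIT_ONLY_FIELDS = frozenset({"subject"})
# Content fields; nothing in the allowlists can ever produce these.
CONTENT_FIELDS = frozenset({"body", "bodyPreview", "uniqueBody", "attachments"})


class ForbiddenFieldError(ValueError):
    """Raised when code asks for a field outside the allowlist."""


def build_select(fields, *, audit_log_path=False):
    """Return the $select value for a Graph /messages request.

    Every mailbox read must go through here. Anything not in the allowlist is
    refused, including 'subject' unless audit_log_path is True (the single
    reviewed caller used for the detailed filing log).
    """
    requested = {f.strip() for f in fields}
    allowed = ROUTING_FIELDS | (AUDIT_ONLY_FIELDS if audit_log_path else frozenset())
    disallowed = requested - allowed
    if disallowed:
        raise ForbiddenFieldError(f"refusing to request fields: {sorted(disallowed)}")
    return ",".join(sorted(requested))


def messages_url(mailbox, fields, *, audit_log_path=False):
    """Full Graph URL for a metadata-only message listing (hypothetical helper)."""
    select = build_select(fields, audit_log_path=audit_log_path)
    return f"https://graph.microsoft.com/v1.0/users/{mailbox}/messages?$select={select}"


_RAW_SELECT = re.compile(r"\$select=([A-Za-z0-9_,]+)")


def find_raw_select_literals(source_text):
    """Build-time check: return every hard-coded $select=... found in a source file.

    The build runs this over every module except the choke point itself and fails
    if the list is non-empty, so no other code can assemble its own field list.
    """
    return _RAW_SELECT.findall(source_text)
```

A CI step would call `find_raw_select_literals` on each source file and fail the build on any hit, while `build_select` rejects disallowed fields at runtime as a second layer.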
5. Why we use your data, and our legal basis
| What | Why | Legal basis (UK/EU GDPR) |
|---|---|---|
| Account & mailbox metadata | To provide the filing service you asked for | Performance of a contract (Art. 6(1)(b)) |
| Microsoft connection token | To file mail in the background | Performance of a contract |
| Billing data | To take payment and manage your subscription | Performance of a contract |
| Security logs, 2FA, anti-abuse fingerprint | To keep accounts secure and prevent trial abuse | Legitimate interests (Art. 6(1)(f)) |
| Detailed filing log (subject line + sender address in your activity log) | To give you a fuller, verifiable record of what was filed | Legitimate interests (Art. 6(1)(f)) — on by default with an easy opt-out, including before you connect your mailbox; see our Legitimate Interests Assessment |
| Service emails (password resets, billing notices) | To operate your account | Performance of a contract / legitimate interests |
6. Microsoft permissions we request
When you connect your mailbox, Microsoft asks you to consent to these permissions. We request the minimum needed to file mail:
- Mail.ReadWrite (and Mail.ReadWrite.Shared for shared mailboxes) — to read message metadata and move messages between folders
- MailboxSettings.ReadWrite — to coexist with your existing Outlook inbox rules
- offline_access — to keep filing running in the background
- openid / profile / email — to identify your account at sign-in
You can revoke Sortfully's access at any time from your Microsoft account, which stops all filing.
7. Who we share data with (our processors)
We share data only with service providers who help us run Sortfully, under contract and only as needed:
- Microsoft — your mailbox provider; we act on the metadata it exposes.
- Paddle — payment processing and invoicing (merchant of record).
We do not sell personal data and do not share it for advertising.
8. Where your data is stored
Your data is stored on servers in the European Union. Some of our service providers may process limited data outside the EU — for example Paddle (payment processing) operates internationally. Where personal data is transferred outside the EU/EEA, it is protected by appropriate safeguards such as the EU Standard Contractual Clauses.
9. How long we keep your data
- Filing logs: kept for a rolling window, then automatically deleted. 30 days for individual (Standard) accounts; business organisations default to 90 days, configurable by an admin (minimum 30).
- Account, mailbox and billing data: kept while your account is active.
- After cancellation: your account is disconnected and your data is scheduled for deletion after a 30-day grace period, during which you can recover everything by re-subscribing. You can also choose to delete immediately. After the grace period a daily process permanently and irreversibly purges your data.
- Anti-abuse fingerprint: the one-way email fingerprint (Section 3(e)) is retained after deletion to enforce the one-trial rule.
10. Your rights
Depending on where you live, you have rights over your personal data. Under UK and EU GDPR you can request to access, correct, delete, restrict, port, or object to processing, and withdraw consent at any time. Under the California CCPA/CPRA you can request to know, delete, and correct your data and to opt out of "sale"/"sharing" (we do neither).
Some of these are built into the product already:
- Access / portability: export your filing log as a CSV from your dashboard.
- Erasure: delete your account and data from settings (immediately, or at the end of the 30-day grace).
- Turn it off: switch the detailed filing log off at any time — including during setup, before you connect your mailbox.
To make any other request, contact us at dpo@sortfully.app. We respond within one month (UK/EU) or 45 days (California); we may extend this for complex requests and will tell you if we do. You can also complain to the UK Information Commissioner's Office (ico.org.uk) or your local supervisory authority.
Note on email metadata about other people: your filing log contains the domains/addresses of people who emailed you. We process this on your behalf and cannot identify or contact those senders ourselves; you control this data through your retention setting and by exporting or deleting your log.
11. Business customers: when we act as a processor
If your organisation connects its members' mailboxes and sets an organisation-wide retention policy, your organisation is the data controller for that mailbox metadata and Sortfully acts as your data processor, processing it on your instructions. A Data Processing Agreement is available — contact us at dpo@sortfully.app. (For account and billing data, and for individual accounts, Sortfully is the controller.)
12. Children
Sortfully is intended for adults and is not directed at children. We do not knowingly collect data from anyone under 16. If you believe a child has provided us with personal data, contact us at dpo@sortfully.app and we will delete it.
13. Cookies
We use only the cookies necessary to run the service — for example to keep you signed in and to remember a trusted device for two-factor authentication.
14. Changes to this policy
We'll update this policy as the product changes and post the new version here with a revised "last updated" date. For significant changes we'll notify you by email or in the app.