AI Security & Privacy Overview

Data handling for Emailgistics AI features

Executive Summary

Emailgistics offers two AI-powered features built on cloud infrastructure from Microsoft Azure and Google:

AI Summarization uses Azure AI Foundry.
AI Suggested Replies uses Google's Gemini Developer API.

Consistent with our core platform commitment, Emailgistics does not store your email content—all messages remain in Microsoft 365. However, when AI features are used, prompts (which may contain message content) may be temporarily retained by our AI providers for abuse monitoring.

This document outlines the technical safeguards and data handling practices for these features.

AI Summarization (Powered by Azure AI Foundry)

Emailgistics uses Azure AI Foundry to provide intelligent email thread summarization, helping teams quickly understand lengthy conversations.

How It Works

When summarization is requested by an Emailgistics add-in user, email content (subject and body) is sent to Azure AI Foundry
The AI generates a summary and returns it immediately
Emailgistics does not store email content; Microsoft may retain prompts temporarily for abuse monitoring (which may include human review under default configurations)

Data Privacy & Ownership

No model training: Prompts and outputs are not used to train any generative AI foundation models
Tenant isolation: Each customer's requests are processed in isolation
Processing/data residency: Data is processed and logs are stored in the United States

Security Controls

Feature	Description
Encryption at Rest	AES-256 encryption
Encryption in Transit	TLS 1.2+ for all API communications
API Key Encryption	All API keys are encrypted at rest in Emailgistics
Rate Limiting	Per-customer, per-user, and per-mailbox rate limits prevent abuse
Azure Abuse Monitoring	Azure platform-level detection of misuse

Content Safety

Guardrail policies for content filtering
Jailbreak attack detection
Safety controls

Compliance Note

AI Summarization uses Azure AI Foundry. With default configurations, prompts may be logged and reviewed by Microsoft for abuse detection. Users should not include sensitive personal information (PHI, PCI data) in content processed by this feature. Enterprise Plan customers with strict regulatory requirements (HIPAA, PCI-DSS) may contact Emailgistics to discuss alternative configurations.

AI Summarization currently uses Azure OpenAI models deployed in the US East region. Model and region configurations may be updated to maintain service reliability; we will provide advance notice for changes that materially affect data residency.

Azure AI Foundry Certifications (per Microsoft)

Certification	Status
SOC 1, SOC 2, SOC 3	✓ Available
ISO 27001, 27017, 27018, 27701	✓ Available
GDPR	✓ Available
HIPAA	Contact us*
PCI-DSS	Contact us*

*HIPAA/PCI-DSS support for AI Summarization requires Enterprise plan, modified abuse monitoring configuration, applicable contractual terms (e.g., BAA), and documented risk assessment. Not enabled by default. Contact Emailgistics for details.

AI Suggested Replies (Powered by Google Gemini Developer API)

Emailgistics uses Google's Gemini Developer API File Search capability to provide intelligent reply suggestions based on your organization's knowledge base documents.

How It Works

Administrators upload knowledge base documents (policies, FAQs, templates)
Documents are stored in a dedicated Gemini File Search Store per mailbox
When a reply suggestion is requested, Gemini searches relevant documents
AI generates contextually appropriate reply suggestions
Each mailbox has its own isolated document store

Data Privacy & Ownership

No model training: Prompts and outputs are not used to train Google models
Mailbox-level isolation: Each mailbox has a dedicated File Search Store
No third-party sales: Emailgistics and Google never sell customer data to third parties
No advertising use: Customer data is not used for advertising

Security Controls

Feature	Description
Per-Mailbox Isolation	Logically isolated File Search Store per mailbox prevents cross-contamination
API Key Encryption	All API keys encrypted at rest using Emailgistics encryption
Encryption at Rest	Google-managed AES-256 encryption for all stored documents
Processing Location	Prompts processed via Google's global infrastructure; no guaranteed data residency
Document Lifecycle Management	Full control to upload, update, and delete documents

Document Management

Upload PDF, text, and other document formats
Complete document deletion capability

Compliance Note

AI Suggested Replies uses Google's Gemini Developer API (Generative Language API). Per Google's terms:

Consideration	Status
Data used for model training	No
Prompts logged for abuse detection	Yes (temporary)
Human review of prompts	Possible
Published compliance certifications	Not available for this API

This feature is not suitable for processing PHI, PCI data, or other regulated information.

Knowledge base documents should contain general policies, FAQs, and templates—not sensitive customer data.

Architecture Overview

┌────────────────────────────────────────────────────────────────────────┐
│                            Microsoft 365                               │
│  ┌──────────────────────────────────────────────────────────────────┐  │
│  │  Shared Mailbox ([email protected])                            │  │
│  │  • Email content stored here                                     │  │
│  │  • Emailgistics metadata stored as Outlook categories/props      │  │
│  └──────────────────────────────────────────────────────────────────┘  │
└────────────────────────────────────────────────────────────────────────┘
                                    │
                                    │ Graph API
                                    ▼
┌────────────────────────────────────────────────────────────────────────┐
│                          Emailgistics Platform                         │
│  ┌─────────────────┐    ┌─────────────────┐    ┌─────────────────┐     │
│  │  Outlook Add-in │───▶│   AI Service    │───▶│  Encrypted Key  │     │
│  │  (User Request) │    │  (Rate Limited) │    │    Storage      │     │
│  └─────────────────┘    └────────┬────────┘    └─────────────────┘     │
│                                  │                                     │
└──────────────────────────────────┼─────────────────────────────────────┘
                                   │ TLS 1.2+ (transient processing)
                   ┌───────────────┴───────────────┐
                   │                               │
          ┌────────▼────────┐             ┌───────▼─────────┐
          │  Azure AI       │             │  Google Gemini  │
          │  Foundry        │             │  File Search    │
          │                 │             │                 │
          │ • Summarization │             │ • Reply Suggest │
          │ • No training   │             │ • Per-mailbox   │
          │ • US East region│             │   document store│
          │                 │             │ • No training   │
          └─────────────────┘             └─────────────────┘

Frequently Asked Questions

Is our email content stored by Emailgistics?

No. Emailgistics never stores email content. All messages remain in your Microsoft 365 environment. However, when AI features are used, prompts (which may contain message content) are temporarily logged by our AI providers for abuse detection purposes. Azure retains this data temporarily with optional human review; Google's Gemini API also logs prompts temporarily for abuse monitoring.

Is our data used to train AI models?

No. Neither Azure nor Google uses your prompts, outputs, or organizational data to train their foundation models:

Azure: Covered under Microsoft's enterprise terms and Data Processing Addendum.
Google Gemini Developer API: Per Google's published API terms for the paid tier.

Where is our data processed?

AI Summarization is processed in the United States. AI Suggested Replies uses Google's global infrastructure; no guaranteed processing/data residency.

How is AI usage rate-limited?

Emailgistics implements per-customer, per-user, and per-mailbox rate limiting to prevent abuse and ensure fair usage across all customers.

Can we delete our knowledge base documents?

Yes. You have complete control over documents uploaded for AI Suggested Replies. Documents can be uploaded, updated, or deleted at any time through Emailgistics administration.

Emailgistics Platform Compliance

The Emailgistics platform (independent of AI features) maintains:

SOC 2 Type II certified
GDPR compliant
HIPAA compliant (platform can support HIPAA-regulated customers under a BAA; AI features are excluded unless explicitly contracted and configured)
Microsoft Certified Partner

Our Privacy Commitment

Emailgistics stores email metadata only—message content is never stored on our servers. AI features receive only the minimum data necessary to generate summaries or reply suggestions. Note that our AI providers may temporarily log prompts for abuse detection as described in the feature-specific sections above.

Customer Controls

Emailgistics provides administrators with the following controls for AI features:

Control	Description
Feature Enablement	AI features can be enabled or disabled at the tenant level
User Access	Administrators control which users can access AI features
Knowledge Base Management	Full control to upload, update, and delete documents used for AI Suggested Replies
Document Deletion	Complete removal of uploaded documents from Gemini File Search Stores

Subprocessors

The following third parties process data as part of Emailgistics AI features:

Subprocessor	Feature	Data Processed
Microsoft Corporation (Azure AI Foundry)	AI Summarization	Email subject and body content
Google LLC (Gemini Developer API)	AI Suggested Replies	Knowledge base documents; email subject and body content

For the complete list of Emailgistics subprocessors, contact [email protected].

Contact

For additional information, please contact your account representative or email [email protected].