Privacy Policy

Last updated: July 16, 2026

Routed Mail is an encrypted email service. This policy describes what data we collect, how the service processes it, and where the encryption boundary sits.

Who we are

Routed Mail is operated by Lee Valentine. Contact: support@routed.org.

Data we collect

Email address and display name

We store your email address as your mailbox identity. You may also provide a display name. We use these details to operate your account and mail service, not for advertising.

Email content

Stored message bodies and attachments are encrypted at rest. Routed transiently processes inbound plaintext to receive and deliver mail, apply spam and user filters, create mailbox metadata such as snippets, and encrypt the result for storage. If you enable an AI feature, plaintext needed for that feature is sent to Cloudflare Workers AI during processing; semantic-search embeddings are stored separately from the original text.

Drive files

We store the files, folder names, and related metadata you place in Routed Drive. File content is encrypted at rest. Routed processes file content when you upload or download it so the service can provide the requested operation.

Your password-derived key is not stored by Routed. Account recovery uses a separately wrapped recovery copy of your mailbox key whose private recovery key is held under an offline operator recovery process. This means "encrypted at rest" does not mean that no server-side processing or recovery path exists.

Device ID and push notification token

When you enable push notifications, we store device details and the push token needed to deliver new-mail alerts. These are linked to your account.

Crash data

If your device submits a crash report through Apple's crash-reporting settings, we may receive it to diagnose stability problems. We do not add advertising or third-party tracking SDKs to the app.

Security and operational data

We record security events such as sign-in, reauthentication, session revocation, and token refresh. These records can include your IP address, user agent, account or device identifier, event time, and limited diagnostic details. Application security audit records are retained for up to 90 days.

How we use your data

We do not sell your data or use it for advertising.

Infrastructure providers

Routed runs on Cloudflare infrastructure, including Workers, Durable Objects, D1, R2, Queues, Vectorize, and optional Workers AI. Cloudflare processes data as our infrastructure provider under its data-processing terms.

Data retention and account deletion

Messages remain stored until you delete them or an automatic retention rule applies. Spam is automatically purged after 7 days and Trash after 30 days. Backend cleanup can take up to 24 hours after a message is permanently deleted.

You can schedule account deletion from Mail settings. Scheduling starts a 24-hour grace period during which you can sign in and cancel. After that grace period, Routed permanently destroys the account's mailbox, files, settings, devices, and account records. Backups and provider-level deletion logs may remain for the limited periods required to operate and secure the service.

Security

Data in transit uses TLS. Stored mailbox content is encrypted at rest. No security system eliminates all risk; the processing and recovery boundaries above are part of the service design.

Changes to this policy

We will post changes here and update the date above.

Contact

Questions or privacy requests: support@routed.org