Legal document
Privacy Policy.
Version 1.0 — working draft.
Effective date: [TO BE FILLED at publication]
Service operator: Black Pearl Retail & Consulting SARL — RCS Mulhouse 930 789 862 — 8 impasse des capucins, 68730 Blotzheim, France
This policy is written to be understood without a legal dictionary. Each section starts with a clear sentence, and the technical or regulatory wording comes after. If anything reads as unclear, write to us — the contact address is at the bottom of the page.
Contents
- 1. What never leaves your machine, and what travels encrypted
- 2. Who operates this service
- 3. Which emails are read, by whom, why, and where
- 4. What Bostaji stores on your machine
- 5. Encrypted synchronization between your devices
- 6. What the AI engine sees
- 7. What we ask your mailbox for, and why
- 8. Cookies and analytics on this site
- 9. Our sub-processors
- 10. Technical security
- 11. What you can verify yourself
- 12. Your rights
- 13. Required Google disclosures
- 14. Changes to this policy
- 15. How to reach us
1. What never leaves your machine, and what travels encrypted
Bostaji is built so that as much as possible stays where it already is: on your computer and inside your mailbox. The table below shows exactly what happens, with no commercial varnish.
What never leaves your machine
- The full content of your emails
- Your attachments
- Your mailbox access keys (OAuth tokens or an app password)
- The local classification cache
- Drafts you are working on
What travels end-to-end encrypted between your devices
- Your sorting rules
- Your preferences
- The history of your sorting decisions
- Your corrections when Bostaji got it wrong
Encrypted synchronization between devices is optional. If you only use Bostaji on a single machine, sync is not enabled and nothing leaves your computer beyond the communication with the AI engine described below (section What the AI engine sees).
2. Who operates this service
Bostaji is operated by Black Pearl Retail & Consulting SARL — RCS Mulhouse 930 789 862 — 8 impasse des capucins, 68730 Blotzheim, France, a company established in France.
Under the General Data Protection Regulation (GDPR), Black Pearl Retail & Consulting SARL is the data controller for the personal data described in this document.
For any question about your personal data, your rights, or this policy, you can write to us:
- General contact: bostaji@bostaji.app
- Data protection requests: bostaji@bostaji.app
3. Which emails are read, by whom, why, and where
Bostaji is a supervised email assistant. It supports several mail services equally — Gmail, Outlook/Microsoft, and IMAP mailboxes (Yahoo, Orange, and others). When you connect your inbox, Bostaji starts reading incoming emails to classify them, file them in the right folders, suggest decisions to you, and learn from your corrections.
Who reads your emails
The Bostaji application installed on your computer. Not a remote server, not an employee, not a robot hosted elsewhere. The program runs on your machine and stays there.
Why your emails are read
To classify them (urgent, to-read, newsletter, etc.), to suggest rules, and to perform the actions you have validated (move to a folder, mark as read, archive). No email is read for advertising purposes, behavioural analysis, or resale. No email is ever used to train any AI model.
Where your emails are read
Your emails stay inside your mailbox (Gmail, Outlook/Microsoft or your IMAP mailbox). Bostaji connects to it with your permission, reads messages directly at your provider, and performs sorting actions on those same messages at your provider. Your emails are never copied to a Bostaji server. They never transit through any third-party infrastructure. The only exception is the communication with the AI engine, explained in section What the AI engine sees.
4. What Bostaji stores on your machine
To work, Bostaji saves a few things in a dedicated folder on your computer. All this data stays on your machine and can be deleted at any time from the application's menu.
| Type of data | Why | Retention period |
|---|---|---|
| Your sorting rules and preferences | To make sorting work | As long as you use Bostaji |
| Local cache of recent classifications | To avoid re-classifying the same email and to save calls to the AI engine | About 30 days |
| Technical log of actions | So you can review what was decided and correct it | About 90 days |
| Your corrections (when you override us) | To learn your preferences without guessing | As long as the account is active |
| Mailbox access key (OAuth token or app password) | So you don't have to reconnect every time you open the app | Until you revoke access on your provider's side |
Where exactly? In a folder dedicated to Bostaji on your computer. Your mailbox access keys are stored in the system keystore of your operating system: Keychain on macOS, DPAPI on Windows. They are never sent to any third-party server.
Deletion
You can delete all this data at any time from the application's settings (« Reset local data »). Uninstalling the application also removes this data.
5. Encrypted synchronization between your devices
If you use Bostaji across multiple devices (for example your work computer and your home computer), you can enable synchronization. What is synchronized between your devices is the following, and only the following:
- Your sorting rules
- Your preferences
- The history of your sorting decisions
- Your corrections
Not your emails. Not the content of your messages. Not your attachments. Not your OAuth tokens. These items stay on each machine, regardless of whether sync is enabled.
How it is technically protected
Before leaving your machine, this data is encrypted with a key that exists only on your devices. The server that transports data between your machines sees encrypted files (we call them blobs) whose content it cannot read. Neither we, nor our hosting provider, can read them. Only your devices, which hold the key, can decrypt them.
This is what is called end-to-end encryption, but this protection applies only to this synchronization layer between your devices. It does not apply to the content of your emails, which has to be read in clear by the AI engine for classification (see section What the AI engine sees).
Where the synchronization server is hosted
With a certified European hosting provider, in a data centre located in the European Union. No transfer to the United States, no transfer outside the European Union for the encrypted blobs.
6. What the AI engine sees
To classify an email, Bostaji sends two things, and only two things, to the Mistral AI engine, provided by Mistral SAS, a French company based in Paris:
- The email's subject
- The email's body (the text of the message)
What is never sent to the AI engine:
- Your attachments
- The content of images embedded in the email
- Your mailbox access keys
- Your full contact list
- Your drafts in progress, your archives, your sent messages
- Your rules, preferences, or corrections (which Bostaji processes locally)
Mistral SAS, in plain terms
Mistral SAS is a French company. Its servers are in Europe. Mistral provides the AI model that helps Bostaji understand the meaning of an email (« is this an urgent message? a newsletter? an invoice? ») and propose a classification.
No training on your emails
Mistral SAS does not use your emails to train its models. This is a contractual condition that Black Pearl Retail & Consulting SARL has negotiated and that is part of the data processing agreement signed with Mistral. Your emails are used to classify a single email at a single moment, and that's it.
No other AI engine, no other third party
Bostaji does not transmit any data to any third-party AI provider or email service. The only AI engine used is Mistral, and the only email provider connected to your account is the one you have connected yourself (Gmail, Outlook/Microsoft, or an IMAP mailbox such as Yahoo or Orange).
Local cache to limit calls
When Bostaji has already classified an email, the result is cached on your machine to avoid asking Mistral for the same classification again. This cache is local, can be deleted, and is never sent to Mistral.
7. What we ask your mailbox for, and why
To sort your emails for you, Bostaji needs a few permissions on your mailbox. The exact detail depends on your provider, because each one has its own authorization system. In every case, Bostaji asks for the strict minimum for a sorting assistant, and never more.
What Bostaji can do on your mailbox
- Read your emails in order to classify them.
- Move an email from one folder to another (on Gmail, this is « adding a label »).
- Mark an email as read or unread.
- Archive an email.
- Send an email to the trash (where it stays recoverable for the period set by your provider — 30 days by default on Gmail).
What Bostaji never does
- Send an email on your behalf without your validation. Bostaji may prepare a draft, on every plan, but you click « send », never Bostaji alone.
- Permanently delete an email. Whatever the provider, Bostaji never uses permanent deletion. The worst it can do is send a message to the trash, where it stays recoverable.
- Modify the content of an existing email.
- Access your full address book beyond the addresses present in the emails you let it read.
The technical detail, by provider
For people who want the exact list of requested permissions:
- Gmail (Google). Bostaji requests the gmail.modify permission, which bundles exactly the sorting actions listed above. It is the minimum permission for a sorting assistant. The send permission (gmail.send) is only requested if you use a feature that needs it.
- Outlook / Microsoft. Via Microsoft Graph, Bostaji requests Mail.ReadWrite (read and organize your messages), Mail.Send (send a draft you have validated), Calendars.Read (read your calendar to suggest meeting slots) and MailboxSettings.Read (read your mailbox settings, such as your time zone). On Microsoft, sending requires a separate permission, which is why Mail.Send is listed on its own.
- IMAP mailbox (Yahoo, Orange, etc.). IMAP has no granular permission system: you provide credentials — often an « app password » created at your provider — that Bostaji keeps in the system keystore. Bostaji then limits itself, by design, to the same sorting actions as above, and never uses permanent deletion.
9. Our sub-processors
To deliver the Bostaji service, Black Pearl Retail & Consulting SARL uses two technical sub-processors. These are the only two.
| Sub-processor | Role | Location |
|---|---|---|
| Mistral SAS | AI engine (email classification) | France (Paris) — European Union |
| Certified European hosting provider | Hosting of the encrypted synchronization server between your devices | European Union |
These sub-processors are contractually bound to comply with the GDPR and to process the data only for the purposes described in this policy. No other third party has access to your data.
No resale, no sharing for advertising
Bostaji does not sell any personal data. Bostaji does not share any data for advertising purposes. Bostaji does not perform marketing profiling. The only purpose for processing your emails is to classify them for you.
10. Technical security
Here are the concrete measures Bostaji puts in place to protect your data.
- Encrypted communications in transit (TLS). All Bostaji network communications (to your mailbox, to Mistral, to the synchronization server) go over TLS, the standard secure web protocol.
- Data encrypted at rest on the synchronization server (AES-256). Blobs synchronized between your devices are stored encrypted on the server, on top of the end-to-end encryption.
- Mailbox access keys kept in the system keystore. Your access keys (OAuth tokens for Gmail and Outlook/Microsoft, an app password for an IMAP mailbox) are stored in macOS Keychain or Windows DPAPI. They are never written in clear in a file accessible by other applications, and never sent to any third-party server.
- No automatic email sending. Bostaji never triggers an email send without your explicit validation.
- No permanent deletion of email. Whatever the provider, Bostaji never uses permanent deletion.
- Human validation for sensitive actions. When the classification of an email is doubtful, Bostaji asks you, rather than deciding alone.
The service is currently in private closed beta, during which Bostaji runs in OAuth Google Testing mode. At the time of public opening, an independent security audit (CASA Tier 2) will be conducted by a Google-recognized laboratory with a view to Production verification.
11. What you can verify yourself
A privacy policy is useful, but it's words. What really matters is what you can verify with your own eyes inside the product.
Bostaji is built to make every proposal observable. In the application's Stats menu, you have access to a journal that shows:
- the list of decisions made by Bostaji on your emails;
- for each, the reason given by Bostaji and the source of that reason (the email concerned);
- the confidence level and the risk level attached to the decision;
- whether the decision was reversible, and whether you validated or corrected Bostaji;
- the aggregation by feature (how many newsletter classifications, how many archives, how many corrections, etc.).
You don't have to take our word for it: open the Stats menu, read the journal, push back if you see a gap.
This transparency is voluntary, and it is a product commitment. If at any point this traceability disappears or becomes incomplete, that is a problem. Write to us (contact section).
12. Your rights
Under the General Data Protection Regulation and the French « Informatique et Libertés » Act, you have the following rights over your personal data.
- Right of access. You can ask what personal data Black Pearl Retail & Consulting SARL holds about you.
- Right to rectification. You can ask for inaccurate personal data to be corrected.
- Right to erasure (« right to be forgotten »). You can ask for your data to be deleted. Locally: it is immediate from the application. On the synchronization server: within 30 days.
- Right to data portability. You can retrieve your rules, preferences and history in a reusable format (JSON).
- Right to object. You can object to a specific processing.
- Right to withdraw consent at any time. In particular, you can revoke Bostaji's access from your account settings (Google or Microsoft), remove an IMAP mailbox's credentials from Bostaji, and uninstall the application.
- Right to lodge a complaint with a supervisory authority. In France, that is the CNIL (Commission Nationale de l'Informatique et des Libertés). You can contact it directly without notifying us.
To exercise any of these rights, write to bostaji@bostaji.app. We will reply within one month at most, in line with Article 12 GDPR.
13. Required Google disclosures
Bostaji uses Google API Services to connect to your Gmail inbox.
Bostaji's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Concretely, and in compliance with the Limited Use Policy:
- Data received via Google APIs is used only to provide and improve user-facing email sorting features of Bostaji.
- This data is never transferred to third parties, except (a) as necessary to provide or improve user-facing features, (b) for security reasons, or (c) to comply with a legal obligation.
- This data is never used for advertising, including targeted or personalized advertising.
- This data is never used to train generalized AI models.
- No human employee or contractor of Black Pearl Retail & Consulting SARL reads the content of your emails, except (a) with your explicit permission, (b) for security reasons, (c) to comply with a legal obligation, or (d) where data is aggregated and used for internal anonymized purposes.
For Outlook/Microsoft, Bostaji accesses your mailbox via Microsoft Graph, in compliance with the Microsoft APIs Terms of Use and following the same limited-use principle: the data is used only for the user-facing sorting features, never for advertising or to train generalized AI models. For an IMAP mailbox, Bostaji connects directly to your provider with your credentials, without going through any third-party API platform.
14. Changes to this policy
This policy may evolve. When we change it, we update the effective date at the top of the page. For material changes (adding a sub-processor, modifying the scope of data processed, adding a new purpose), we notify you by email at least 30 days before the new version takes effect.
Previous versions of this policy remain available for legal traceability, on request to bostaji@bostaji.app.
15. How to reach us
For any question relating to this policy or to your personal data:
- General contact email: bostaji@bostaji.app
- GDPR requests email (access, rectification, erasure, portability): bostaji@bostaji.app
- Postal address: 8 impasse des capucins, 68730 Blotzheim, France
For any concern about your rights, you can also contact the CNIL directly, without notifying us.