Legal · Privacy

Privacy Policy

Last updated: June 3, 2026

Mabel is a private email assistant operated by Baseline Logic LLC. This policy explains what we collect, why, who we share it with, and the choices you have. The defining principle is simple: the assistant reads only the messages you choose to send it — never your inbox.

The short version

Mabel works over ordinary email, which is not end-to-end encrypted. Your message is visible to the mail systems and services it passes through on the way to and from us, and to write your reply we send its content to our AI providers. Treat it like any normal email — don’t send anything you’d be uncomfortable sending that way.
We can’t see anything else. We have no access to the rest of your mailbox, your contacts, your calendar, or your files — only the specific message you send the assistant.
We keep a conversation only while it’s active. So the assistant can follow a back-and-forth, the content of your messages and our replies stays with the email thread for up to 24 hours after your most recent message, then it’s automatically deleted. The only lasting records are your account details and a short, editable memory note — and you can delete those at any time.
We don’t sell your personal data or use it for advertising, and we instruct our AI providers not to train on it.

01 Who we are

Mabel (“Mabel,” the “Service,” “we,” “us,” or “our”) is a personal email assistant operated by Baseline Logic LLC, a limited liability company based in Colorado, United States. Baseline Logic LLC is the data controller responsible for the personal information described in this policy.

You interact with the Service by sending email to its assistant address (for example, [email protected]) and receiving replies. This policy also covers our marketing website at mabel.email, including the early-access request form.

02 On discretion

Most assistants earn their usefulness by reading everything you have — your full inbox, calendar, contacts, and files. Mabel takes the opposite approach. There is no inbox sync, no OAuth connection to your mail provider, no browser extension, and no app to install.

The assistant only ever receives the specific message you forward or write to it. Nothing before it, nothing after it, and nothing else in your mailbox is visible to us. The act of forwarding a message is the act of consent to process that message. This is the core of how the Service works, and it shapes everything below.

This is about access, not secrecy. It means we never reach into anything you didn’t send — but the message you do send still travels as ordinary, non-end-to-end-encrypted email and is processed by our AI providers to generate your reply (see section 7). Treat it as you would any email. What sets Mabel apart is not that the channel is secret, but that once your message is answered we hold on to your conversation only while it’s active — up to 24 hours after your last message — and then let it go (with one further exception for email delivery, noted under Data retention).

03 Information we collect

Messages you send the assistant

When you email the assistant, we receive the content of that message — the body text, the subject line, and any attachments or images — so we can act on it. We keep it only while your conversation is active. The content is retained with the email thread for up to 24 hours after your most recent message in that thread — so the assistant can follow a back-and-forth — and is then automatically deleted (see Data retention). Forwarded images and files are processed to generate your reply and deleted right away; we keep only a short text description of them for that same window, never the file itself. We do not retain the raw email. A second, provider-side exception for email delivery is described under Data retention.

Because you decide what to send, you control what we receive. Note that while we generate your reply, the content is transmitted to the AI providers described in section 7. Please avoid forwarding information you do not want processed by an AI assistant — for example, highly sensitive personal, financial, or health details — unless you are comfortable with that processing.

Account information

Mabel is currently invite-only. When you are added, we store your email address, an optional display name, your account status, usage quotas, and any internal notes our team records about your invitation. If you request early access through our website, we collect the email address you submit and any optional details you provide (such as which examples interested you).

Your memory note

To make replies more useful, the assistant maintains a short, human-readable note about you (an evolving summary built from your exchanges — for example, “prefers concise answers” or “favorite cuisine is Thai”). This note is sent to the AI model with each request so the assistant can keep context across messages. You can ask us to view, correct, or delete it at any time.

Usage and operational data

We retain aggregate metadata needed to run and bill the Service: counts of messages and timestamps, which AI model handled a request, token counts and cost estimates, and job status. This data does not include the content of your messages. We use it for quota enforcement, billing accuracy, abuse prevention, and basic reliability monitoring.

Website and email-authentication data

When you visit our website, our hosting and edge providers automatically log standard technical information such as IP address, browser type, and timestamps for security and reliability. Inbound email is checked against standard sender-authentication signals (SPF, DKIM, and DMARC) to reject spoofed mail; the results of those checks are processed as part of accepting your message.

04 What we do not collect

We do not connect to, sync, or read your mailbox.
We do not request OAuth permissions or access tokens to your email account.
We do not access your contacts, calendar, or files.
We do not install browser extensions or device software.
We do not track your activity across other websites or build advertising profiles.
We do not keep the content of your messages or our replies beyond the active-conversation window — up to 24 hours after your most recent message in a thread (see Data retention).

05 How we use information

We use the information we collect to:

Process the request in your message and send you a useful reply;
Maintain conversational context through your memory note;
Enforce usage quotas and prevent abuse, spoofing, and fraud;
Operate, secure, monitor, and debug the Service;
Communicate with you about the Service, including early-access onboarding and important notices;
Comply with our legal obligations.

We do not use your messages or memory note to build advertising profiles, and we do not sell them.

06 Legal bases (GDPR)

If you are in the European Economic Area or the United Kingdom, we process your personal data under the following legal bases:

Performance of a contract — to provide the assistant service you requested by sending a message.
Consent — your choice to forward a specific message, and to let the assistant keep a memory note, which you may withdraw at any time.
Legitimate interests — to secure the Service, prevent abuse, and operate our business, balanced against your rights.
Legal obligation — where we must retain or disclose data to comply with the law.

07 How your message is processed & shared

Mabel is built on a small number of trusted infrastructure and AI providers. To generate a reply, the content of your message and your memory note are transmitted to AI providers who run the language models that produce the answer. We do not sell your personal data to anyone. We share data only with the service providers (“subprocessors”) below, who process it on our behalf under contractual confidentiality and data-protection terms:

Provider	Purpose	Data involved
OpenRouter	AI gateway that routes each request to a language model, and runs a web search when the model needs current information.	Your message content, subject, and memory note; search queries derived from your request.
AI model providers	Generate the reply, reached through OpenRouter. With automatic routing the specific model varies per request among OpenRouter’s vetted providers — currently including Anthropic (Claude), Google (Gemini), and OpenAI.	Your message content, subject, and memory note.
Cloudflare	Inbound email routing to the assistant, hosting for our website, processing of early-access form submissions, and access control for our internal admin tools.	Inbound messages in transit, form submissions, and website server logs.
Fly.io	Hosting for our application and its database.	Account info, your memory note, and usage metadata at rest; conversation content kept only while a thread is active (up to 24 hours after the last message), then deleted.
Resend	Delivers the email replies and notifications we send.	Your email address and the content of the messages we send you (which quote your original message); stored for up to 30 days, then deleted.
Google	Web fonts on our website only.	IP address and related technical data when you load the site.

As we add features (for example, image generation), we may engage additional providers and will update this list. We may also disclose information if required by law, to enforce our terms, or to protect the rights, safety, and security of our users or the public. If Baseline Logic LLC is involved in a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction, subject to this policy.

We do not sell your personal data, and we do not share it for targeted advertising, cross-context behavioral advertising, or profiling (as those terms are defined under laws such as the California Consumer Privacy Act). The only routine sharing we do is with the service providers listed above, to operate the Service.

08 AI model training

We do not use your messages or memory note to train AI models. We select our AI providers and configure their data settings with the intent that your content is not used to train their models. Some providers may retain inputs for a short period for security and abuse-monitoring purposes before deletion, in line with their own published policies. Because the specific model handling a request can vary, we encourage you not to send content you would not want processed by a third-party AI service.

09 Data retention

Conversation content — kept only while a thread is active (up to 24 hours)

To follow a back-and-forth, the assistant needs to remember the conversation you’re having. So while a conversation is active, we keep the content of your messages and our replies — the body text, the subject, and a short text description of any image or file you forward — attached to that email thread. We keep it for up to 24 hours after your most recent message in the thread. This is a rolling window: each new message resets the clock, so an ongoing conversation stays available and an abandoned one expires. Once a thread goes quiet for 24 hours, that content is automatically deleted from our database.

We chose the shortest window that still lets a normal conversation work — long enough to reply, ask a follow-up, and circle back later the same day, but short enough that nothing lingers. The forwarded image or file itself is never stored at rest: it is processed to generate your reply and deleted immediately, and only the short text description survives the 24-hour window. We retain technical threading identifiers (such as machine-generated message IDs) so related emails group into the same conversation, but those identifiers do not contain your message content.

Email delivery — limited retention by our provider

During our beta, we send our replies and notifications through Resend, our email delivery provider (see Who we share data with). The emails we send you are stored by Resend for up to 30 days, then automatically deleted. Because each reply quotes the message you sent — so your thread stays readable in your inbox — that quoted content, along with any image we attach, is part of what Resend temporarily holds. This is a provider-side limit, separate from our own 24-hour window, and we expect to remove this dependency as we leave beta.

What we keep

The only personal information we retain on an ongoing basis is your account information, your memory note, and the aggregate usage and operational metadata described above. We keep these for as long as your account is active, and for a reasonable period afterward as needed for security, dispute resolution, and legal compliance.

Deletion

You may ask us to delete your data at any time. On request, we will delete your memory note and account and close your access, except where we are required to retain certain limited records by law.

10 Security

We take reasonable measures to protect your information, including:

Encrypted transport (TLS/HTTPS) for web and API traffic;
Cryptographically signed (HMAC) webhooks so our application only accepts authenticated inbound mail;
Sender authentication (SPF, DKIM, DMARC) plus an invite-only allowlist to block spoofed and unsolicited mail;
Restricting internal administrative access to authorized personnel through an access-controlled gateway.

Please note that email is not end-to-end encrypted in transit between your mail provider and ours, and no method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect your information and to notify you of material breaches as required by law.

11 International users & transfers

Mabel is operated from the United States, and our providers may process data in the United States and other countries. If you access the Service from outside the United States, you understand that your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards (such as the European Commission’s Standard Contractual Clauses) for international transfers.

12 Cookies & the website

Our marketing website uses only what is necessary to function. We do not use advertising or cross-site analytics trackers, and the early-access form is protected by a hidden honeypot field rather than a third-party CAPTCHA. One third-party service may receive your IP address when you load the site: Google Fonts, which serves the typefaces. Our internal admin tools use a cookie solely to authenticate authorized staff (through Cloudflare Access). The email assistant itself does not rely on cookies.

13 Children

Mabel is not directed to children. The Service is invite-only and intended for adults; we do not knowingly collect personal information from children under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.

14 Third-party links

Replies from the assistant may include links to third-party websites (for example, recipe sites or research sources). We are not responsible for the privacy practices or content of those sites, and we encourage you to review their policies before sharing information with them.

15 Changes to this policy

We may update this policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. If we make material changes, we will take reasonable steps to notify you, such as by email or a prominent notice. Your continued use of the Service after an update means you accept the revised policy.

16 Contact us

If you have questions about this policy or how we handle your data, contact us:

Baseline Logic LLC

Privacy inquiries: [email protected]

Colorado, United States

↑ Back to top