Privacy policy

Conflu ("we", "us") is operated by RT Consulting FZE for conflu.xyz. This policy describes what we collect and how we process it.

What we do not store

We do not store email bodies, subjects, senders, recipients, calendar event titles or descriptions, contact details, task content, attachment content, or filenames. Conflu is a stateless pass-through: your AI client calls our MCP endpoint, we authenticate the request, retrieve OAuth tokens from secure secret storage, call Microsoft Graph in real time, and stream the response back. We do not cache or index provider payloads.

What we do store

We store account metadata in Firestore (for example connected mailbox addresses, tenant identifiers, account status, and billing plan). We store usage counters and per-request metadata (timestamps, tool name, bytes transferred) for billing and support. OAuth refresh tokens are stored only in Google Cloud Secret Manager, not in Firestore.

Where data is processed

Data is processed in the European Union, including Mailgun's EU instance for transactional email.

Contact

Privacy questions: privacy@conflu.xyz.