Privacy: what is sent to your AI provider
When you use a MailDesk AI feature, a specific, minimal slice of email data is sent to the AI provider you configured. This page describes exactly what is sent on each request, what is never sent, where it goes, and what MailDesk keeps afterwards. Nothing here is marketing — every statement matches how the product actually behaves.
Available in: Pro. (The Cockpit integration reuses the same provider for manager briefings.) Basic has no AI.
When you use a MailDesk AI feature, a specific, minimal slice of email data is sent to the AI provider you configured. This page describes exactly what is sent on each request, what is never sent, where it goes, and what MailDesk keeps afterwards. Nothing here is marketing — every statement matches how the product actually behaves.
The short version
- AI runs only when you ask it to (or, for the security badge, when you open an email). There is no automatic background harvesting of your mailbox.
- Each request carries only the email or the thread you are working on — never your whole inbox, never other people's mail, never your Odoo business records.
- Attachments are never sent automatically. They are included only if an administrator opts the mailbox in and you explicitly ask the AI to look at an attachment.
- If you use a local / self-hosted server, email content never leaves your network.
- MailDesk keeps the AI's output (the summary, the verdict, the draft) so you don't regenerate it — it does not keep a separate AI copy of your email content.
What is sent — per request
The data sent depends on which feature you run.
| When you… | The provider receives | The provider does not receive |
|---|---|---|
| Open an email (security check) | The sender address (up to 200 characters) and the message text of that one email (up to about 4,000 characters, with HTML removed) | The thread, attachments, other emails, any Odoo records |
| Summarise a thread / draft a reply | The messages in that thread — for each message: sender, recipients, date, subject, and the plain-text body | Attachments*, other threads, other mailboxes, Odoo business data |
| Ask the AI a question about a thread | Your question, the conversation so far, and that thread's text | Anything outside that thread |
| Set a language hint or an instruction | The hint (e.g. "summarise in German") and the operation instruction telling the AI what to do | — |
* Attachments are included only when both conditions are true: the mailbox has Allow AI Attachment Analysis switched on, and you explicitly request attachment analysis on that message.
The email text handed to the AI is plain text — formatting and HTML are stripped first. It is wrapped in a clearly marked "untrusted data" block so that instructions hidden inside an email cannot hijack the AI.
Optional context the AI may also receive
If an administrator has set a Team / Mailbox Context note or a Default Reply Tone on the mailbox, that short guidance is sent along with summarise and reply requests so the AI writes in your team's style. This is configuration text you control — not email content.
What is never sent
- Binary attachments — file contents are never sent, unless you opt the mailbox in and explicitly ask for attachment analysis (see above).
- Any Odoo record — contacts, leads, tickets, sale orders, invoices — even when an email is linked to one.
- Email from mailboxes or threads you are not currently working in.
- Other users' mail.
- Your contact list or calendar.
- Passwords, API keys, or authentication tokens — keys stay in your Odoo configuration.
Where your data goes
- Email content is sent to the AI provider you configured, per request, to produce a result.
- Cloud provider (OpenAI, Google Gemini, Anthropic Claude, xAI Grok, DeepSeek): the request is governed by that provider's privacy and retention policy.
- Local / self-hosted server (for example Ollama, LM Studio, vLLM): email content stays on your network and is never sent to a third party.
- No provider configured: the Security Scan and the editor's Ask AI fall back to Odoo's built-in AI service, governed by Odoo's terms. Summarise and Draft a reply do not fall back — without a configured provider they simply produce no result.
- Retention is provider-governed — MailDesk does not control how long a provider keeps a request. The major commercial providers state that API data is not used to train their models by default; always check the current version of your provider's API policy.
Provider privacy policies
- OpenAI — openai.com/policies/privacy-policy
- Google Gemini — ai.google.dev/gemini-api/terms
- Anthropic — anthropic.com/privacy
How to keep everything on-premise
If your organisation needs all email content to stay inside your own infrastructure — a regulated industry, a sensitive customer base, or a compliance requirement — run a local / self-hosted provider:
- Run a model server such as Ollama, LM Studio, or vLLM on your own hardware or private cloud.
- Configure MailDesk's Custom / Local Server provider to point at it (see Set up your AI provider).
- No email content leaves your network — the request goes only to your own server.
What MailDesk keeps
- MailDesk stores the AI's output (the summary text, the security verdict badge, the reply draft) next to the email so you don't have to regenerate it.
- MailDesk does not store the email content as a separate AI copy. The email itself already lives in your Odoo database as part of normal MailDesk operation.
- Saved AI conversations keep only the question-and-answer turns — never the raw email body.
How control is enforced (four layers)
AI runs only when all of these allow it. Each is checked on the server every time — not just hidden in the interface:
- Global switch — an administrator can disable all AI at once.
- Per-feature switch — individual features (Security Scan, Summarise, Draft a reply, Ask AI) can be turned off.
- Per-mailbox switch — "Allow AI Features" — off for a mailbox means no AI for that mailbox, full stop.
- A provider must be configured with a valid key (or a reachable local server).
Permissions required. You only ever see AI results for mailboxes you already have access to. There is no special elevation — standard Odoo access rules still apply. Turning AI on or off and choosing a provider is an administrator task.
How to opt out
- For one mailbox: MailDesk → Configuration → Mailbox Accounts → [account] → switch Allow AI Features off.
- Per feature or everything: an administrator disables it in MailDesk settings.
- No AI at all: leave the AI provider list empty / inactive, or remove the provider — the stored key is cleared with it.
For Data Protection Officers
Sending email content to an external AI provider is a sub-processing relationship. If you operate in the EU, your administrator should add the AI provider to your record of processing activities (Article 30 GDPR) and have a Data Processing Agreement in place with that provider. For fully on-premise operation, choose a local / self-hosted provider — no external sub-processing applies.
Related
Available in MailDesk Pro 18.0.4.1.0+. Data-flow limits and behaviour verified against the Pro AI service code.