How Tosite.ai processes your email
Last updated: May 2026
This page explains exactly what happens when you connect a mailbox to Tosite and what we do, and don't do, with the messages we read. Together with the privacy policy, it tells you the whole story.
1. What Tosite reads
When you connect a mailbox via Microsoft or Google OAuth, Tosite reads the subject, sender, body, and attachments of messages that look like receipts or invoices. We use a large language model to extract structured data (vendor, amount, date, VAT, category) — no per-vendor templates, no regular expressions to maintain.
2. What Tosite doesn't do
- We don't ingest emails that aren't plausibly receipts. A cheap pre-filter rejects obvious non-receipt mail before any LLM cost is spent.
- We don't train any model on your email content. Extraction runs against pre-trained models and the outputs are stored only on your account.
- We don't send, modify, or delete messages in your mailbox — our OAuth scope is read-only.
- We don't share your inbox content with third parties beyond the LLM provider that performs the extraction. The current set of processors is listed in the privacy policy.
3. Credentials and tokens
Tosite never sees your mailbox password. The OAuth flow returns a refresh token, which we store encrypted at rest (AES-GCM with a per-instance key). Disconnecting a mailbox clears and revokes the token immediately; we keep the row only as a foreign-key target so historical receipts and audit entries continue to resolve.
4. Retention
Receipt rows, attachments, and audit events live for as long as your account does. Raw mailbox content (original messages and attachments) is kept only as long as needed for review, and then cleaned up by a regular job. Extracted structured data is kept for accounting purposes for the period required by accounting law.
Deleting your account from the danger-zone on the account page wipes every connected mailbox, every ingested receipt, every audit entry, and every export job, and revokes every OAuth token.
5. Your controls
- Disconnect any mailbox at any time from /dashboard/mailboxes. New emails stop syncing immediately.
- Edit or ignore individual receipts from the receipt detail page; soft-delete a row that shouldn't have been ingested.
- Export everything as CSV or Excel from /dashboard/exports before deleting your account, if you want to keep a copy.
- Delete your account from /dashboard/account at any time.
6. Where to read more
This notice covers the technical specifics of email processing. The privacy policy is the formal document describing how all personal data is handled, including the legal bases and your rights.