Hydra← back to home
legal

Privacy

last updated 2026-04-16

Hydra stores email content because that's the product. We store as little metadata as we need to deliver, route, and display your messages — and nothing else.

What we store

For each domain you add: the domain name, the DKIM key we generate (private key encrypted at rest with AES-256-GCM), the DNS records to publish, and verification status. For each message: the raw MIME, parsed body and headers, attachments, and basic metadata (sender, recipients, subject, timestamps).

What we don't store

  • Tracking pixels — we block remote images by default in the inbox, so the senders of your inbound mail don't learn when (or whether) you opened their messages.
  • Cross-customer analytics. Your inbox is your inbox.
  • Anything we don't need to render or deliver email.

Where it lives

Postgres on Railway (US region), raw MIME and attachments on Cloudflare R2. Backups are encrypted. Database access is restricted to the Hydra application server and the database admin (one person).

Automated processing of email content

To deliver core product features — folder organization, attachment handling, full-text search, inline-image extraction, and classification into Personal, Automated, and System buckets — Hydra processes both the headers and bodies of your email on its own server infrastructure. Examples: scanning for a List-Unsubscribe header or an “unsubscribe” link in the body to sort a newsletter under Automated; reading the subject + plain- text preview for full-text search; extracting base64 inline images into R2 to speed up message rendering.

This processing is confined to your workspace. We never send email content to third parties, we never use it to train models (ours or anyone else's), we never share it across customers, and we never analyze it for any purpose outside your own inbox experience. If you prefer header-only classification, you can disable the content- based step in Settings → Preferences → Smart categorization.

Who can see it

Only you. The Hydra founder can technically access the database for support and debugging purposes — we never read mail content unless you explicitly ask us to in a support ticket.

Deletion

Cancel any time. You get a 30-day export window to download every message as standard .eml files. After that, all data is permanently deleted from primary storage and backups within 60 days.

Contact

Privacy questions go to hello@hydra.mx.