Effective date: June 21, 2026 · Last updated: June 21, 2026
Red One Dispatch ("the Service") is operated by Red One Corporation ("Red One", "we", "us"). This policy explains what data the Service processes on behalf of the organizations that subscribe to it ("Customers"), and how we protect it. For Customer mailbox data, Red One acts as a data processor; the Customer is the data controller.
| Category | Examples | Why |
|---|---|---|
| Email content & metadata | Subject, body, sender/recipient addresses and names, timestamps, conversation IDs, sent items, mailbox settings | To classify priority, generate draft replies, and detect reply/burst patterns |
| Account & configuration | User display name, email, mobile number (for SMS), time zone, VIP lists, reply signature | To operate the Service for each monitored mailbox |
| Operational & usage | Processing logs, message/token/SMS counts, health checkpoints, and per-message cost metadata (model, token counts, cost, timestamp, and the monitored mailbox address) — no email content, senders, or subjects | Reliability, support, billing/metering, and our own cost/margin accounting |
We access mailboxes only after a Customer administrator grants explicit Microsoft 365 admin consent (or Google Workspace domain-wide delegation). To avoid requiring customers to re-consent later, the Service requests both read and management (read/write) permissions for the enrolled mailboxes at the time of consent; write permissions are exercised only for features the Customer enables.
We share the minimum data necessary with the following sub-processors:
| Sub-processor | Purpose | Data shared |
|---|---|---|
| Anthropic, PBC | AI classification & draft generation | Cleaned email subject/body and sender context for the message being processed |
| Twilio Inc. | SMS alerts | Recipient mobile number and the alert text (sender, subject, summary) |
| Microsoft Corporation | Mailbox access (Graph), hosting, storage (Azure) | Mailbox data; all stored Service data |
| Google LLC (Google Workspace tenants only) | Mailbox access (Gmail API) | Mailbox data for Google-hosted Customers |
| Stripe, Inc. | Billing | Billing contact and subscription metadata (no mailbox content) |
| Email delivery provider (e.g. SendGrid / Mailgun / Amazon SES / Azure) | Transactional email (e.g. card-expiry and billing notices) | Billing contact email address and the notice content (no mailbox content) |
Email content is sent to our AI sub-processor solely to classify and draft replies for that message. We do not use Customer data to train AI models, and our AI sub-processor does not train its models on data submitted through its commercial API.
Service data is stored in Microsoft Azure in the East US region. Compliance-tier Customers may be provisioned dedicated, geo-redundant storage and a dedicated key vault. We retain processed-message and action-item records for 12 months, and delete Customer data within 30 days of account termination on request.
Data is encrypted in transit (TLS) and at rest. Each Customer's data is logically isolated by tenant, and platform secrets are held in Azure Key Vault accessed via managed identity. Access to production systems is restricted to authorized Red One personnel.
Depending on your jurisdiction (e.g., GDPR, CCPA), individuals may have rights to access, correct, delete, or export their personal data, and to object to or restrict processing. Because we process mailbox data on behalf of Customers, such requests are generally directed to the Customer (controller); we assist Customers in fulfilling them. Contact privacy@red.one.
We will post material changes here and update the effective date. Continued use of the Service after changes constitutes acceptance.
Red One Corporation
3200 Highlands Pkwy SE, Smyrna, GA 30082
privacy@red.one