Arlo

How It Works

How Arlo handles
your data.

Effective May 8, 2026

You're trusting Arlo with the contents of your inbox. That's a serious thing to ask, and we owe you a serious answer. This page is the answer in plain language. The lawyer-grade version lives at /privacy.

If you read nothing else, the short version:

Arlo reads your email to extract what matters, then forgets the raw content within 30 days. Subject lines, who emailed whom, and the structured facts Arlo learned (your relationships, your projects, your priorities) stay so the product still works. The full bodies do not.

What Arlo touches

When you connect your inbox, Arlo (via Nylas) pulls your messages so it can do its job. Same for calendar (Google Calendar) and any other channel you connect. We only ingest what you authorize, and you can disconnect any integration at any time.

We use a few different categories of data:

  • Account data. Your name, email, profile info, organization. The basics needed to run an account.
  • Connected service content. Email bodies, snippets, subjects, metadata, calendar events, attendees. This is the raw material.
  • Extracted memory.Structured facts Arlo derives from the raw content. Examples: “Sarah from Acme has a meeting with you on Tuesday,” “your investor update is due Monday,” “Chen prefers Slack over email.” This is what makes Arlo useful long-term.
  • Narrative.A high-level summary of who you are, what you’re building, and the people in your orbit. Generated and refreshed from your data, used to give Arlo context for every interaction.

What we keep, what we forget

This is the part most products are vague about. Here’s the actual rule, the one our retention worker enforces every day:

  • Email bodies and snippets: purged after 30 days. Encrypted while they exist, fully nulled out after. The retention window is configurable, and 30 days is the default we ship with.
  • Subjects, sender, recipient, timestamps, thread structure: kept while your account is active. We need these so your inbox view in Arlo still works after a body has been purged.
  • Extracted memory and narrative:kept while your account is active, because that’s the entire point of Arlo. You can delete any specific entry at any time.
  • Outbound transactional message logs: retained up to 90 days for deliverability and debugging, then deleted.
  • Account deletion: when you delete your account, your data is purged within 30 days, except where the law requires us to retain something (financial records mostly).
  • Dormant accounts (paid trial ended without payment): your account stays signed-in-able but data polling stops. We no longer pull email, calendar, or other inbound on your behalf. Raw email and calendar data are auto-purged within 30 days of dormancy via the same retention worker. Memory, narrative, briefs, and tasks are preserved so you can pick up where you left off if you reactivate. For a hard delete of memory and narrative, email business@arlo.fyi.

Encryption, precisely

The honest version, not the marketing version.

Email bodies, snippets, and other sensitive fields are encrypted at rest using envelope encryption. Each organization gets its own Data Encryption Key (DEK). That DEK is itself wrapped under a Key Encryption Key (KEK) that lives in our infrastructure. Cipher: AES-GCM, 256-bit. Anything in transit between Arlo, your browser, and our providers is over TLS.

What this gets you: if our database leaked tomorrow, the bodies inside would be unreadable without the keys. Different organizations are isolated cryptographically, not just by row-level access checks.

What this does not claim: the master KEK currently lives in our infrastructure, which means our systems can decrypt your data when they need to (for example, when the AI summarizes a thread you asked about). We’re migrating to a managed Key Management Service so the KEK never sits in application memory. Customer-managed keys (BYOK) are on the longer-term roadmap for organizations that want to hold the master key themselves.

AI processing

The marketing-friendly version of this section says we use OpenAI. The accurate version is more nuanced: most reasoning over your content runs on gpt-oss, OpenAI’s open-weights model family, served by Cloudflare Workers AI, the same network where the rest of Arlo runs. For routine inference, your content does not leave Cloudflare’s infrastructure.

Concretely, the features that touch your content (email triage, morning briefings, draft replies, narrative refresh, memory extraction, contact structuring) all run on gpt-oss models (gpt-oss-20b for routine work, gpt-oss-120b for deeper reasoning) hosted on Workers AI. None of those calls go to OpenAI’s API.

OpenAI stays on our /sub-processorslist as a fallback for when Workers AI is unavailable. In practice that path is rarely exercised, but it exists, and we’d rather list it than pretend it doesn’t. When the fallback fires, OpenAI’s API agreement applies. They do not train general-purpose models on content sent to their API (their March 2023 policy, contractually committed in our agreement).

Inside Arlo, the only AI usage of your content is to produce the response you asked for, refresh your narrative, and update your memory. We do not use your content to train Arlo’s own models either.

Who we share with

The companies that touch your data, and why. The full list lives at /sub-processors.

In short: hosting and database (Cloudflare, Neon), email and calendar ingestion (Nylas), AI inference (OpenAI), transactional email (Resend), messaging (Twilio), billing (Stripe), and public information enrichment about people you correspond with (Andi Search, Perplexity).

We do not sell your data. We never will. Each provider is bound by a contract that limits their use of your data to providing services to us.

Your controls

What you can do today:

  • Disconnect any integration from settings. The data Arlo already ingested stays on its retention schedule unless you also delete it.
  • Delete any individual memory entry from the cockpit. They reappear if Arlo learns them again from new data.
  • Delete your entire account. Everything we hold is purged within 30 days, with the legal exceptions noted above.

What’s coming:

  • Sender, domain, and label-level ingestion filters so you can tell Arlo to ignore specific people, companies, or threads entirely. The body never enters our system in the first place.
  • A “What Arlo Knows About You” view that lists every memory entry, contact, and fact, with delete-per-row.
  • Customer-managed keys for organizations that want to hold the KEK outside our infrastructure.

How to reach us

Privacy questions: privacy@arlo.fyi

Security disclosures: security@arlo.fyi

Anything else: hello@arlo.fyi