Last updated: June 2026
When you create an account, we collect your name, email address, university, degree, and year of study. If you upload a CV, it is stored securely and used solely to personalise your outreach emails. We also store your pipeline data, email drafts, and sending history.
Your profile information is used to generate personalised cold outreach emails on your behalf. Your CV text is extracted and used as context for email generation. We do not sell, share, or distribute your personal data to any third parties. Your data is used exclusively to provide the Severn service. We do not use your data — including any Google user data — to develop, improve, or train generalised or personalised AI or ML models.
If you connect your Gmail account, Severn uses Google OAuth and requests two scopes:
When checking for replies, Severn reads only messages relevant to your outreach: bounce notifications, and replies whose sender matches an address you contacted through Severn. For a matched reply, we read the sender, subject, date, and the plain-text body. We do not read, index, scan, or process the rest of your mailbox, and we do not access your contacts.
The text of a matched reply is stored against your account so we can display it and, if you choose, generate a suggested response. You can remove this at any time by deleting the contact from your pipeline, or by deleting your account.
Severn does not use Gmail data (message content, metadata, or replies) to develop, improve, or train any generalised or personalised AI or ML models. Reply text is sent to our AI processor only to generate a draft for you, at the moment you request it.
If you connect using an app password instead of Google OAuth, your app password is encrypted using AES-256-GCM before being stored and is decrypted only at the moment of sending or when checking for replies via IMAP. The same reply-checking limits described above apply: Severn reads only bounce notifications and replies from addresses you contacted.
Your account data is stored on Supabase (hosted on AWS in the EU, region eu-west-1, Ireland). Passwords are hashed using scrypt with a unique salt. App-password credentials are encrypted with AES-256-GCM. Session tokens expire after 7 days. CV files are stored in encrypted cloud storage with access restricted to your account. All API endpoints that handle personal or firm data require authentication.
The firm database contains publicly available information sourced from company websites, Companies House filings, and the FCA Register. Contact email addresses are generated using publicly observable patterns and verified where possible via SMTP. No private or restricted databases are used.
If you are on a paid plan, Severn includes a 1x1 tracking pixel in sent emails to detect when a recipient opens your message. This data is stored against your account and is not shared. Recipients are not individually identified beyond their email address.
To provide the service, your data may be processed by the following third parties, each under their own privacy policies:
Your data is retained for the duration of your account. When you delete your account, all personal data is permanently removed within 30 days, including your profile, pipeline, sent history, CV files, and SMTP credentials. Anonymised analytics data (e.g. aggregate reply rates) may be retained indefinitely.
If you are in the UK or EU, you have the right to access, correct, export, or delete your personal data at any time. You can delete your account from the dashboard. To request a data export or exercise any other right, contact us at the address below. Our lawful basis for processing is legitimate interest (providing the service you signed up for) and consent (for optional features like email tracking).
Severn uses browser sessionStorage to maintain your login session and localStorage for UI preferences (e.g. row density). We do not use third-party tracking cookies. No advertising or analytics cookies are set.
Severn is intended for users aged 18 and over, primarily university students and recent graduates. We do not knowingly collect data from anyone under 18.
For any privacy-related questions, data requests, or concerns, contact us at privacy@severn.app.