Learning Center Email Data Handling

Email Integration

How Ursara integrates with email providers and handles data.

Overview

Ursara’s email integration enables users to send deal-related emails directly from the platform and automatically track lender responses. The integration connects to users’ existing email accounts (Google, Microsoft 365, or any IMAP-compatible provider) and provides workflow automation without requiring users to leave the platform.

Technical architecture

Our email integration uses an industry-standard middleware layer to securely connect with email providers while maintaining strict data isolation.

Email Integration Architecture

Ursara Platform
Automation & workflows
Nylas Middleware
No data storage
Email Providers
Google, MS365, IMAP

Outbound Flow

  1. 1. Compose & send

    User sends email directly from Ursara

  2. 2. API Call

    Ursara forwards request via Nylas OAuth

  3. 3. Delivered

    Email is delivered and appears in Sent folder

Inbound Flow

  1. 1. Webhook received

    New email arrives; Ursara receives metadata only

  2. 2. Thread match check

    Ursara verifies if it matches an active deal thread

  3. 3. Fetch & automate

    If matched: fetch body. If not: discard immediately.

Middleware
Nylas — industry-standard email integration platform (SOC 2, ISO 27001, HIPAA)
Auth
OAuth 2.0 tokens (no credentials stored)
Providers
Google Workspace, Microsoft 365, IMAP
Scope
Per-user (not tenant-level)

How Nylas Works

  • Acts as a middle layer between Ursara and email providers
  • Handles OAuth authentication flow
  • Sends push notifications (webhooks) when new emails arrive
  • Does NOT store email content — acts as a pass-through layer for API calls and webhooks

Data access

Understanding exactly what data we access — and what we don’t — is critical for evaluating our email integration.

Data Access Matrix

Full access — stored
Emails sent via Ursara We created the thread
Replies to Ursara threads thread_id matches
Headers only — discarded
All other emails from, to, subject checked then discarded
No access — never requested
Non-Ursara email bodies No thread_id match
Personal emails Not in any Ursara thread

How Ursara processes your emails

See how different types of emails are handled — what triggers automation, what data is extracted, and what stays private.

Lender sends loan terms

Data extracted:

  • Shared (anonymized): Multifamily, TX, $12M, SOFR+275, 85% LTV
  • Private: 450 Oak Street, First Capital

Ursara AI Actions:

  • Quote auto-populates in your deal’s quote matrix
  • Deal status updates to “Quote Received”
  • AI generates note: “First Capital interested at SOFR+275, 85% LTV”

Lender declines to quote

Data extracted: No deal data shared. Lender preference (industrial footprint) is saved internally to improve future matching.

Ursara AI Actions:

  • Deal status updates lender to “Passed”
  • AI note: “Metro Bank passed - outside lending footprint”
  • Contact note added with geographic preferences

Lender declines but shares lending parameters

Data extracted: No deal data shared. Lender program parameters ($25M min, 70% LTV, Top 15 MSAs) are saved internally to improve future matching.

Ursara AI Actions:

  • Lender marked as “Passed” on this deal
  • Lender profile updated with program parameters
  • Future deal matching improved with $25M minimum

Non-business email is ignored

Data extracted: Email ignored — no data processed.

Ursara AI Actions:

  • Email body never requested or seen by Ursara
  • No notes, quotes, or status changes

Security & compliance

Hosting
Microsoft Azure, East US
Physical
Azure SOC 2 certified data centers
Network
TLS 1.2+ with HSTS preload
Monitoring
Azure Monitor, Application Insights
Code Security
GitHub Advanced Security, SonarQube
Dependencies
Dependabot, Trivy container scanning

Compliance

SOC 2 Type 2 Certified. Compliance covers Access controls, Data encryption, Business continuity, Disaster recovery, Incident response.

LLM usage

How we handle your data when processing with AI is critical to our security posture. For detailed information about our LLM providers, data protection guarantees, and what data is sent to AI models, see our dedicated AI Data Handling documentation.

Data handling

Data Stored

  • Emails from threads launched through Ursara
  • Attachments on those threads (term sheets, OMs, etc.)
  • Extracted quote data (parsed by AI)
  • Deal status updates based on email activity

Data Retention

  • No automatic deletion — emails retained until customer requests deletion
  • User deletion — users can delete individual emails from Ursara (does not affect their inbox)
  • Account termination — all data exported and deleted on request

Data Ownership

  • Customer owns their data
  • Data is private to the customer’s organization
  • Customer data is NOT used to train AI models

Privacy safeguards

Ursara isolates customer data, ensuring complete privacy. Emails, models, and attachments from one customer are never accessible by another customer.

Still have questions? Contact our support team.

Bank-Grade Infrastructure

256-bit Encryption
Role-Based Access
Audit Logs