Totale, Sécurisée, Simple: pick the AI access level per mailbox, independently. PGP at-rest encryption, PII anonymization, 24-word recovery code.

Junyr — 3 confidentiality levels per inbox

A new option for privacy-sensitive users: Junyr now offers 3 AI processing modes, picked independently for each inbox. You can give the AI full access to your personal address and switch your legal inbox to strict-encrypted mode. Same platform, no compromise.

---

The problem: all-or-nothing

Picture this. You have two inboxes in Junyr:

• personal@gmail.com — you want the AI to summarize everything, draft replies, sort by priority automatically.
• legal@yourcompany.com — that's the inbox receiving NDAs, confidential amendments, sensitive case files. You want nothing going to a cloud LLM, ever.

Until now, the choice was binary: either you turned AI on for the whole platform, or you turned it off everywhere. No granularity. It's the classic SaaS flaw — one switch for all accounts.

---

The solution: 3 levels per inbox

Junyr introduces three confidentiality levels, per inbox. Each mailbox picks its level, independently. An icon (lock / shield / none) appears in the account switcher so you can see at a glance which mode is active.

1. Totale — no AI at all, PGP at-rest encryption

Your messages are encrypted at rest with a PGP key derived from your password (Argon2id, identical to the Proton Mail model). No summary is generated, no smart action is suggested, no AI search is available. You keep classical full-text search on the client side.

This is the mode for your legal, medical, or strategic inboxes. Junyr does not read your messages — they are simply stored, encrypted with a key we do not hold.

2. Sécurisée — AI available, PII anonymized before any send

Your messages are also encrypted at rest. But the AI stays accessible, with a guardrail: before any LLM call, your proper names, addresses, phone numbers, IBANs, and amounts are replaced with codes (e.g., Sonia Hely becomes ContactABC, 12 Main Street becomes [ADDR_001]). The sanitization uses Microsoft Presidio and validated PII regexes.

The 3-step pipeline: (1) the payload runs through Presidio, (2) entities are swapped for codes via a local mapping table, (3) only the anonymized payload reaches the LLM. The mapping table stays on your instance, never transmitted. The cloud LLM (Mistral by default, sanitization mandatory) generates a summary containing the codes; we re-project the real values locally for display.

This is the balanced mode: you keep 95% of the AI value, you cut 100% of the PII leakage.

3. Simple — current behavior

Maximum performance and accuracy. All AI providers available (local processing for nightly batches, Mistral for real-time). Standard storage (TLS in transit, S3 encrypted at rest). This is the default mode, kept to avoid breaking existing accounts.

---

The 24-word recovery code

If you enable Totale or Sécurisée, your messages are encrypted with a key derived from your password. If you forget the password, neither you nor we can decrypt.

On activation, Junyr displays — once and once only — a 24-word recovery code (BIP-39 style, the same format as crypto wallets). Write it on paper. Store it offline — not in an online password vault, not in an iCloud note. This code is your only way back if you forget your password.

To recover, you enter the 24 words, you pick a new password, and your PGP keys are re-encrypted with the new derivation. Your messages stay intact.

---

How to enable

Settings → Email → click the card for the desired level → confirm with your current password.

Important warning: the transition to Totale or Sécurisée is destructive. Junyr deletes the AI artifacts already generated for this inbox (summaries, smart actions, vector embedding chunks). This is intentional — so no trace of the previous mode is kept. A dialog box tells you exactly how many items will be erased; you have to tick an "I understand" checkbox before confirming.

Switching back to Simple does not delete anything — it simply re-opens AI access to new messages.

---

Going further

• Migration Wizard: if you import a Gmail/Outlook inbox into a Junyr inbox set to Sécurisée or Totale, PGP encryption is applied client-side before upload to our storage server. True per-user isolation: we never see the plaintext.
• Pairing with RFC 3161 timestamping: the two features are independent. You can have a Totale inbox with timestamping enabled (the integrity proof works on the hash, not on the content).
• GDPR compliance: Sécurisée constitutes a pseudonymization measure under GDPR Article 4(5). Totale constitutes end-to-end encryption under Article 32.

---

Try Sécurisée on your most sensitive inbox — it's reversible (with intentional loss of previous AI artifacts).

Settings → Email → Confidentiality level.