Privacy, as the demo works today.
This page explains the current behavior of the Percival demo in plain English. It is a practical product-facing summary, not legal advice or a final production privacy policy.
What Percival processes
Percival processes the email content you upload or paste, including sender metadata, subject line, links, and attachment names or metadata needed to produce a scan result.
How the current demo handles data
The current implementation processes scans in memory during the request lifecycle. The UI and API both describe this flow as not being stored as part of the scan experience.
What to clarify before public launch
Before wider release, add a formal retention policy, logging review, rate-limit policy, and deployment-specific privacy wording so the legal and technical story matches the real environment.
If you later add persistent logging, third-party monitoring, queued processing, analytics, or hosted file storage, this page should be updated immediately to reflect the real data flow.