ElephantClock ELEPHANTCLOCK.TECH
ElephantClock Blog · Privacy

Why we published our Private AI Email Agent's source code

Published 29 June 2026 5 min read Private preview

We built an AI email agent that keeps your email and all of its AI processing on your own infrastructure. A claim like that should not be taken on faith, so we put the product thinking, the trust model, and the MVP source code where anyone can read them.

View the source on GitHub See the product

A privacy product should not be a black box

Most AI email tools work the same way underneath. To summarise a thread or draft a reply, they upload your messages to a model running in someone else's cloud. For many businesses in the UAE, especially in legal, finance, and any field handling confidential correspondence, that single fact ends the conversation.

We built the opposite. The Private Email Agent runs its AI on your own devices or infrastructure. Your email never leaves your business, because there is no third-party AI service to send it to. That is a strong promise, and the honest way to back a promise like that is to let people inspect it. So we published it.

What we published

The repository contains the thinking and the build, not a marketing page:

  • Product principles and trust model. How authority is granted, scoped, earned, and revoked, and why the agent only acts within limits you set.
  • Interaction and design system. The conversation-first interface and the typed surfaces the agent is allowed to show.
  • The intent catalog. The complete set of email outcomes the product is designed to handle.
  • The interactive prototype. The same screens you see on the product page.
  • The MVP source code. The in-progress Flutter application behind the agent.
github.com/elephantclock/private-ai-email-agent

Privacy enforced by architecture, not by policy

The core design is simple to state and easy to verify in the code:

  • The model proposes, deterministic rules decide. The language model never sends mail by itself and never generates the interface. It returns typed proposals that a deterministic policy layer approves or blocks.
  • Local AI only. The model that reads and writes your email runs on hardware you control. Email content never leaves the machine for analysis.
  • Bounded, reversible autonomy. Every action traces to a permission you granted, is logged, and can be undone where possible. Consequential messages always wait for your approval.

These are not slogans on a landing page. They are the structure the code is built around, which is exactly why publishing it is worth doing.

Source-available, with a clear boundary

To be precise about what "in the open" means here: the repository is published for transparency and evaluation. You can read every line. It is not licensed for reuse or redistribution, and the brand remains ours. We think transparency and a clear license can coexist, and for a product people trust with sensitive communication, both matter.

Why this matters if you are evaluating AI for sensitive email

If you handle confidential correspondence, the most important question about any AI tool is not how clever it sounds. It is where your data goes and who can decide what happens to it. Being able to read the architecture, the data flow, and the authority rules is the level of transparency you should expect from anyone you let near your inbox.

The Private Email Agent is in private preview, and we are onboarding a first group of UAE businesses. Read the code, then see it working on a real inbox.

Book a private demo Explore the repository