Junyr Suite sets one AI processing mode — Simple, Sécurisée, or Totale — for the whole company, and lets you make an individual mailbox stricter (never looser), so a sensitive inbox stays encrypted and AI-free while the company keeps the full AI treatment.
Junyr — 3 confidentiality levels per company
In short — Junyr Suite, the sovereign AI operating system for your business, offers three AI processing modes (Simple, Sécurisée, Totale), set once for the whole company. This tier is your company's privacy contract: it governs whether the AI (and MCP) can access your data. An individual mailbox can then be set to a stricter tier — never a looser one — so you keep full AI power for the company while switching a legal inbox to strict encrypted mode, on the same platform, with no compromise.
A privacy option for sensitive businesses: Junyr Suite offers 3 AI processing modes, set company-wide by your admin. That tier governs AI access for the whole company; a specific mailbox can be locked down further but never weakened below it. This sovereign control is one of the pillars of the Junyr Suite — alongside European hosting, On-Prem self-hosting, and the option to bring your own local LLM so your data never leaves your hardware.
The problem: all-or-nothing
Picture this. You have two inboxes in Junyr:
personal@gmail.com— you want the AI to summarize everything, draft replies, sort by priority automatically.legal@yourcompany.com— that's the inbox receiving NDAs, confidential amendments, sensitive case files. You want nothing going to a cloud LLM, ever.
Until now, the choice was binary: either you turned AI on for the whole platform, or you turned it off everywhere. No granularity. It's the classic SaaS flaw — one switch, with no middle ground.
The solution: 3 levels, set per company
Junyr introduces three confidentiality levels, set company-wide by your admin. That tier is the contract governing whether the AI can access your data. A mailbox can then be set to a stricter tier (for example Totale on a legal inbox while the company runs Sécurisée) — never looser than the company policy. An icon (lock / shield / none) appears in the account switcher so you can see at a glance which mode is active.
1. Totale — no AI at all, PGP at-rest encryption
Your messages are encrypted at rest with a PGP key derived from your password (Argon2id, identical to the Proton Mail model). No summary is generated, no smart action is suggested, no AI search is available. You keep classical full-text search on the client side.
This is the mode for your legal, medical, or strategic inboxes. Junyr does not read your messages — they are simply stored, encrypted with a key we do not hold.
2. Sécurisée — AI available, PII anonymized before any send
Your messages are also encrypted at rest. But the AI stays accessible, with a guardrail: before any LLM call, your proper names, addresses, phone numbers, IBANs, and amounts are replaced with codes (e.g., Sonia Hely becomes ContactABC, 12 Main Street becomes [ADDR_001]). The sanitization uses Microsoft Presidio and validated PII regexes.
The 3-step pipeline: (1) the payload runs through Presidio, (2) entities are swapped for codes via a local mapping table, (3) only the anonymized payload reaches the LLM. The mapping table stays on your instance, never transmitted. The cloud LLM (Mistral by default, sanitization mandatory) generates a summary containing the codes; we re-project the real values locally for display.
This is the balanced mode: you keep 95% of the AI value, you cut 100% of the PII leakage.
3. Simple — current behavior
Maximum performance and accuracy. All AI providers available (local processing for nightly batches, Mistral for real-time). Standard storage (TLS in transit, S3 encrypted at rest). This is the default mode, kept to avoid breaking existing accounts. If you'd rather keep even this mode fully sovereign, you can bring your own local LLM — your data then stays on your own hardware for every eligible real-time AI call.
The 24-word recovery code
If you enable Totale or Sécurisée, your messages are encrypted with a key derived from your password. If you forget the password, neither you nor we can decrypt.
On activation, Junyr displays — once and once only — a 24-word recovery code (BIP-39 style, the same format as crypto wallets). Write it on paper. Store it offline — not in an online password vault, not in an iCloud note. This code is your only way back if you forget your password.
To recover, you enter the 24 words, you pick a new password, and your PGP keys are re-encrypted with the new derivation. Your messages stay intact.
How to enable
Settings → Email → click the card for the desired level → confirm with your current password.
Important warning: the transition to Totale or Sécurisée is destructive. Junyr deletes the AI artifacts already generated for this inbox (summaries, smart actions, vector embedding chunks). This is intentional — so no trace of the previous mode is kept. A dialog box tells you exactly how many items will be erased; you have to tick an "I understand" checkbox before confirming.
Switching back to Simple does not delete anything — it simply re-opens AI access to new messages.
Going further
- Migration Wizard: if you import a Gmail/Outlook inbox into a Junyr inbox set to Sécurisée or Totale, PGP encryption is applied client-side before upload to our storage server. True per-user isolation: we never see the plaintext.
- Pairing with RFC 3161 timestamping: the two features are independent. You can have a Totale inbox with timestamping enabled (the integrity proof works on the hash, not on the content).
- GDPR compliance: Sécurisée constitutes a pseudonymization measure under GDPR Article 4(5). Totale constitutes end-to-end encryption under Article 32.
Try Sécurisée on your most sensitive inbox — it's reversible (with intentional loss of previous AI artifacts).
Settings → Email → Confidentiality level.
The three confidentiality tiers ship with every plan of the Junyr Suite. See the full feature list and what's included on the pricing page, explore the Junyr Suite, or read how bring-your-own local AI keeps your data on your own hardware.
FAQ
What are the 3 confidentiality levels in Junyr?
Junyr Suite offers three company-wide AI modes: Simple (full AI, standard encrypted storage), Sécurisée (AI available but every name, address, phone number, IBAN and amount is anonymized before any cloud LLM call), and Totale (no AI at all, with PGP at-rest encryption derived from your password). The tier is set once for the whole company; an individual mailbox can be set stricter, never looser.
Can I lock down one mailbox more tightly than the rest of the company?
Yes. The company sets one baseline tier, and any individual mailbox can be moved to a stricter tier — never a looser one. So with the company on Sécurisée you can still keep legal@… in Totale mode with no AI processing whatsoever, while personal@… follows the company baseline. An icon in the account switcher shows which mode is active.
Does Junyr keep my data sovereign?
Yes — sovereignty is the core of the Junyr Suite: European hosting, the Sécurisée and Totale encrypted tiers, and the option to bring your own local LLM so eligible real-time AI runs on your own hardware. On-Prem self-hosting is available as an Enterprise option.
What happens if I forget my password on a Totale or Sécurisée inbox?
Your messages are encrypted with a key derived from your password, so a forgotten password can only be recovered with the 24-word recovery code Junyr shows you once at activation. Store it offline — it is the only way back, since neither you nor Junyr can otherwise decrypt your messages.
Junyr Team
AI Platform Team
The Junyr team builds AI workforce tools that help European SMEs recruit, train, and manage autonomous AI agents for everyday business tasks.
Related Articles
Junyr now supports A2A: the open agent-to-agent protocol
Junyr implements the Agent2Agent (A2A) protocol — external AI agents can autonomously delegate business tasks to your Junyr agent, complementing the existing MCP connector. Discovered via an Agent Card, OAuth 2.1, scoped per company.
Read article →Professional Email Integration: Junyr Suite's Advantage
Make, Zapier and n8n make you bring external mailboxes. The Junyr Suite includes sovereign professional email and turns your inbox into a working AI operating system — compared head-to-head.
Read article →3-Step Workflow: Junyr's Quality Guarantee
How the Junyr Suite's 3-step workflow — Query Check, Execution, and an independent AI Verification — guarantees output quality before delivery, unlike "run and pray" automation tools.
Read article →