All Features
FeaturePlatformUpdated May 25, 2026

Metadata-only privacy architecture

Someone searching metadata-only email tracking is typically an AE, founder, or RevOps lead selling into regulated industries where procurement reviews scrutinise what the tracking tool stores.

Tracking tools split into two architectural categories in 2026. Body-reading tools (Yesware, Saleshandy, HubSpot Sales Hub, Streak, Mailbutler) store the full email content because their product features require it — sequences, templates, mail merge, CRM features all need access to message bodies. Metadata-only tools store engagement events and minimal context (subject line typically) but never the full body. Outsolvi is in the metadata-only category.

The architectural choice matters most in procurement reviews. For sales into healthcare, financial services, legal, government, and other regulated industries, the question "what does the tool retain?" comes up early and the answer determines how fast the procurement review clears. Metadata-only is the answer that clears most procurement processes in days; body-reading creates longer compliance conversations.

What it does

Outsolvi's tracking infrastructure stores engagement events (open timestamps, click events, IP and User-Agent for confidence scoring, reply detection signals) and the email subject line. The email body content does not leave the rep's inbox — it stays on the sender's email provider (Outlook or Gmail). The only exception is the AI reply sentiment feature, which processes the reply text ephemerally to produce the sentiment grade but does not retain the text long-term — only the resulting grade and confidence are stored.

Why it matters in 2026

  • Procurement reviews in regulated industries (healthcare, financial services, legal, government) routinely ask what data the tool stores. "Metadata only" is the answer that clears most reviews quickly.
  • GDPR Article 6 legitimate-interest processing is easier to defend when the processing scope is limited to engagement metadata rather than full message content.
  • SOC 2 audit scope is meaningfully smaller for metadata-only architectures, which speeds the certification cycle and the customer review cycle that depends on it.
  • Customer trust on what their sales rep's tool retains about their conversations is higher when the answer is "the open timestamp, not the message body."
  • The architectural choice is hard to reverse — body-reading tools cannot retroactively become metadata-only without losing the features that depend on body access. Picking metadata-only at the start is a one-way structural decision.

How it works

The tracking pixel and click-redirect mechanism that captures engagement events runs entirely on metadata — the pixel load logs the request IP, User-Agent, timestamp, and the unique identifier mapping to which email. No body content is touched. The email subject line is captured for engagement-display purposes (so the rep can identify which thread an event belongs to in the dashboard) but is treated as metadata in the storage architecture. Reply detection uses standard email headers (Message-ID, In-Reply-To, References) without parsing the reply body. The AI reply sentiment feature is the one place where reply body text is processed — and that processing is ephemeral: the text passes through the sentiment-grading model and the resulting grade is stored, but the text itself is not retained. Encryption: AES-256 at rest on stored metadata, TLS 1.3 in transit between the rep's client and the Outsolvi backend, scrypt key derivation for sensitive metadata fields. SOC 2 aligned controls, GDPR DPA available on request, CCPA compliance for California recipients.

How competitors handle this

Of the 14 trackers in our compare catalog, Outsolvi is one of the few that runs a metadata-only architecture. Yesware, Saleshandy, HubSpot Sales Hub, Streak, Mailbutler, and most cold-outreach platforms all store email body content because their product features (sequences, templates, mail merge, CRM features) require it. Mailtrack and basic trackers (Right Inbox, Vocus) are closer to metadata-only but their privacy posture is less documented. For regulated-industry sales, the metadata-only architecture is rare in the category and is one of the most-cited reasons teams in healthcare, financial services, and legal pick Outsolvi.

Use cases for Metadata-Only Privacy

  • B2B sales into healthcare buyers where HIPAA-adjacent data handling questions come up in every procurement review
  • Sales into financial services where SOC 2 / FINRA / SEC compliance affects which tools the vendor can use
  • Legal industry consulting where attorney-client privilege considerations affect what tracking tools are acceptable
  • Government and public-sector sales where data-handling requirements are explicit and strict
  • Founder-led fundraising where investors care about what tools the founder uses to track them

Frequently asked questions

What exactly does Outsolvi store about my emails?+

Engagement events (open timestamps, click events, IP and User-Agent for confidence scoring), the email subject line, recipient email addresses, sending rep, and computed engagement signals (confidence tier, sentiment grade, hot-lead flag). The email body content is not stored. The only ephemeral exception is the AI reply sentiment processing, which reads reply text to produce the sentiment grade and then discards the text.

How is this different from Yesware or HubSpot Sales Hub?+

Yesware and HubSpot Sales Hub store the email body content because their sequence engines, template libraries, and CRM features require body access. Outsolvi does not have those features — it is a focused tracking-intelligence layer that runs on metadata only. The trade-off is feature breadth (Yesware/HubSpot do more with the body access) versus privacy posture (Outsolvi has less compliance surface area).

Does GDPR Article 6 legitimate-interest cover this?+

Yes for B2B sales outreach. The legitimate-interest basis for B2B direct outreach is well-established under GDPR. The metadata-only architecture makes the legitimate-interest assessment easier because the processing scope is narrow. Right-to-erasure requests on retained metadata are honoured promptly. A DPA is available on request for procurement reviews.

What about SOC 2?+

Outsolvi is SOC 2 aligned with audit-readiness documentation available for procurement reviews. The metadata-only architecture meaningfully simplifies the SOC 2 scope compared to body-reading tools, which speeds both our certification cycle and customer review cycles that depend on it.

What happens when I track an email — does Outsolvi see the message?+

No. The tracking pixel and link-redirect mechanism run on engagement events only. The pixel load and click events are logged; the message body stays on your email provider (Outlook or Gmail). The Outsolvi backend never sees the message content during the tracking lifecycle.

What about the AI reply sentiment feature — that needs to read the reply, right?+

Yes, that's the one place where reply text is processed. The processing is ephemeral: the reply text passes through the sentiment-grading model and produces a grade plus confidence. The text itself is not retained in long-term storage — only the resulting grade and confidence values. For teams in highly-regulated industries that prefer to avoid any text processing, the AI reply sentiment feature can be disabled in account settings; tracking continues without it.

More on this topic

Free tools, articles, and glossary entries that share a topic with this feature.

Free tool
1-Click Unsub
Builds the two headers from your unsubscribe endpoint URL.
Open
Article
Email Tracking, Privacy, and Security: The 2026 Sales Leader Guide
What tracking pixels actually do, the metadata vs body architectural choice, encryption baselines, GDPR/CCPA/S…
Open
Glossary
Apple Mail Privacy Protection
Apple Mail Privacy Protection (MPP) is a privacy feature that launched with iOS 15 in September 2021. When ena…
Open
Glossary
Email Tracking Pixel
An email tracking pixel is a 1x1 transparent image embedded in an email that loads from a tracker server when …
Open
Glossary
Gmail Image Proxy
Gmail's image proxy is the system Google uses to route every embedded image in incoming Gmail messages through…
Open
Feature
Confidence Scoring
Confidence scoring grades every email open event with a confidence value from 0 to 100 percent based on whether the open is likely a human read or a machine pre-fetch.
Open

Try Metadata-Only Privacy for free

14-day free trial, no credit card. Metadata-Only Privacy plus the full Outsolvi feature set including all the other features in this category.

Start 14-Day Free Trial

Where this feature is used

Use cases, workflow patterns, and personas that depend on Metadata-Only Privacy.

Use cases
Sales prospecting, proposals, renewals, investor outreach
Workflow patterns
4-hour follow-up, engagement velocity, hot-lead routing
By role
AEs, founders, consultants, more

Other Outsolvi features

Tracking AccuracyConfidence Scoring
AI FeatureHot Lead Detection
AI FeatureAI Reply Sentiment
PlatformUnified Dashboard
AI FeatureSend-Time Optimization
Nate SummersCo-Founder, Outsolvi

Nate built Outsolvi after watching every email-tracking tool he had ever used lie to him about opens. Outsolvi runs Tier 1 to 5 confidence scoring on every open, native in Outlook and Gmail, so the number on the dashboard is one a rep can actually act on.

Last reviewed May 25, 2026Editorially independent

We update these pages when the underlying mechanics change — new mailbox-provider rules, new tracker behavior, new measurement gaps. The dates above are real revisions, not auto-touches.

ArticlesFree toolsPricing