Security Overview
We take your email security seriously and implement multiple layers of protection.Privacy policy
Read our complete privacy policy
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest with AES-256. OAuth tokens are stored encrypted and rotated regularly to minimize exposure.Infrastructure
Cloud Security We host on Microsoft Azure within the EEA, using isolated production environments with network access controls and DDoS protection. Database Protection Databases are encrypted, accessible only via role-based access with MFA, and completely isolated from the public internet. Automated backups run regularly.Authentication
OAuth 2.0 Sign in securely via Google or Microsoft. No passwords to manage or steal. Two-Factor Authentication Add an extra security layer with authenticator apps. Strongly recommended for all accounts.Access Control
We enforce least-privilege access policies with mandatory MFA for all staff who can access production systems. Every access is logged and auditable, and support can only view your data with your explicit permission.Security Practices
We conduct code reviews and vulnerability scanning, manage dependencies with timely patching, and maintain 24/7 monitoring for suspicious activity. Documented incident response procedures ensure rapid handling of any issues. Report Issues Found a vulnerability? We appreciate responsible disclosure: [email protected]Data Deletion
When you close your account or disconnect your email:- Email data deleted within 30 days
- Access logs deleted within 90 days
- Backups purged on normal cycles
Best Practices
Protect Your Account- Enable 2FA on your Email account
- Use OAuth sign-in (Google/Microsoft)
- Review active sessions regularly
- Revoke access via your email provider anytime
Compliance
- GDPR compliant (EEA data storage)
- Google API Services User Data Policy
- Standard Contractual Clauses for data transfers