What we hold ourselves to.
The non-negotiables, in language you can read. Encryption everywhere, minimum scopes, contentless push, and an audit log a database trigger refuses to mutate.
Your provider tokens never leave our server.
OAuth refresh tokens stored as encrypted bytea under a per-user DEK, itself wrapped by a KMS customer master key. Tokens are never sent to the browser, never logged. Refresh tokens rotate; revocation propagates on unlink or delete.
We ask for the minimum OAuth scopes.
gmail.modify (not the restricted full-mail scope), gmail.settings.basic, calendar, and contacts for Google. Mail.ReadWrite, Mail.Send, Calendars.ReadWrite, MailboxSettings.ReadWrite, Contacts.ReadWrite, OnlineMeetings.ReadWrite, offline_access, and User.Read for Microsoft Graph.
Encryption end-to-end, on the wire and at rest.
TLS 1.2+ in transit for every provider API call and every client-server request. AES-GCM at rest for OAuth tokens, BYOK API keys, email subjects, event and task titles, and attachments, under per-user or per-account DEKs wrapped by a KMS CMK.
Email bodies never appear in logs.
Bodies are encrypted per-account at rest. Attachment bytes are decrypted server-side and served through a 90-second signed URL; they never persist in the function runtime. Sentry strips T0 and T1 fields before transmission — bodies never reach error reports or traces.
The audit log is append-only.
Database triggers reject UPDATE and DELETE. Every row carries a hash of the previous row, so the chain is tamper-evident. Provider mutations (send, archive, label, RSVP, calendar create/update/delete, attachment download, AI action, account link/unlink) are all audited.
AI never mutates without your confirmation.
Send, archive, delete, RSVP, and schedule actions always require an explicit keystroke or click — no auto-send, no auto-delete, no auto-RSVP. A master kill switch in Settings disables AI entirely. Token counts and model names are recorded; prompt and response text is not.
Push notifications are contentless.
Subjects and senders are fetched from an authenticated endpoint after the device wakes — they never transit the public Web Push pipeline or Supabase Realtime. VAPID-signed, per-device opt-in, browser-managed permission.
Spam and phishing signals you can see.
SPF, DKIM, and DMARC verdicts parsed from Authentication-Results and surfaced inline. Punycode, lookalike-brand, display-name spoof, and Reply-To mismatch heuristics flag suspect mail. RFC 8058 one-click unsubscribe — no third-party redirects. Provider-side block-sender is auditable and reversible.
Webhooks are verified, not trusted.
Dodo Payments webhooks verified via Standard Webhooks HMAC-SHA256 with a 5-minute replay window and key-rotation support. Provider push subscriptions (Gmail Pub/Sub, Microsoft Graph) verified on receipt.
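The receiving side of that check, as an added example rather than the product's own code: it assumes the Standard Webhooks header layout (webhook-id, webhook-timestamp, webhook-signature) and a "whsec_" base64 secret, enforces the 5-minute replay window, and accepts both the old and the new key while a rotation is in progress. The secrets and payload are constructed for the demo.

```python
import base64
import hashlib
import hmac
import time

REPLAY_WINDOW_SECONDS = 5 * 60  # the 5-minute window described on the page

# Constructed secrets and payload for the demo (not real keys). Standard Webhooks
# secrets are "whsec_" + base64(raw key); two are kept during key rotation.
OLD_SECRET = "whsec_" + base64.b64encode(b"old-signing-key-0123456789ab").decode()
NEW_SECRET = "whsec_" + base64.b64encode(b"new-signing-key-fedcba987654").decode()
SAMPLE_BODY = b'{"type":"payment.succeeded","id":"pay_constructed_001"}'


def _decode_secret(secret: str) -> bytes:
    return base64.b64decode(secret[len("whsec_"):] if secret.startswith("whsec_") else secret)


def sign(secret: str, msg_id: str, timestamp: int, body: bytes) -> str:
    """Signature the sender attaches: HMAC-SHA256 over 'id.timestamp.body'."""
    signed = f"{msg_id}.{timestamp}.".encode() + body
    mac = hmac.new(_decode_secret(secret), signed, hashlib.sha256).digest()
    return "v1," + base64.b64encode(mac).decode()


def build_headers(secret: str, msg_id: str, timestamp: int, body: bytes) -> dict:
    """Headers as a Standard Webhooks sender would emit them."""
    return {"webhook-id": msg_id, "webhook-timestamp": str(timestamp),
            "webhook-signature": sign(secret, msg_id, timestamp, body)}


def verify(headers: dict, body: bytes, secrets: list, now=None) -> bool:
    """Accept only a fresh message whose signature matches an accepted secret."""
    now = int(time.time()) if now is None else now
    try:
        ts = int(headers["webhook-timestamp"])
    except (KeyError, ValueError):
        return False
    # Replay window: reject stale (or future-dated) messages even if the HMAC is valid.
    if abs(now - ts) > REPLAY_WINDOW_SECONDS:
        return False
    msg_id = headers.get("webhook-id", "")
    presented = headers.get("webhook-signature", "").split()  # may carry several "v1,..." entries
    for secret in secrets:  # both old and new keys are accepted during rotation
        expected = sign(secret, msg_id, ts, body).encode()
        if any(hmac.compare_digest(sig.encode(), expected) for sig in presented if sig.startswith("v1,")):
            return True
    return False
```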
Infrastructure built on attested platforms.
Hosted on Netlify (SOC 2) and Supabase (SOC 2 Type II). Database access via Supabase poolers — no direct internet exposure. Secrets live in Netlify env vars and GitHub Actions secrets; pre-commit and CI checks enforce no secrets in source.
GDPR export and delete are live from day one.
Self-serve JSON export with a signed URL (metadata and subjects — full mailbox export remains with your provider). Account delete with a 30-day cancelable grace period, then an irreversible cascade. Google tokens are revoked via /revoke on delete; Microsoft tokens are cleared locally (Microsoft does not expose a programmatic consent-revoke API).
Responsible disclosure.
Found a security issue? Email [email protected]. We will acknowledge within 3 business days and work the issue with you. Good-faith research that respects user privacy and avoids service disruption is welcomed under safe-harbor.
Encrypted tokens, minimum scopes, append-only audit log. GDPR from day one.