Security
Security, Privacy & Trust Center
Built with privacy and security at the core. Your data is protected by industry-standard encryption, SOC 2 practices, and comprehensive access controls.
- Encryption at Rest & Transit
-
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys are hashed and never stored in plaintext.
- Configurable Retention
-
Emails are automatically deleted after your plan's retention period. Free: 7 days, Pro: 30 days, Business: 90 days, Enterprise: unlimited.
- Signed Webhooks
-
All webhook payloads are signed with HMAC-SHA256. Verify the signature to ensure authenticity.
- No AI Training
-
We never use your email data to train AI models. Your data stays yours.
- Compliance
-
GDPR compliant. DPA available for enterprise customers. SOC 2 Type II in progress.
How We Handle Your Data
- Email Content
- Stored encrypted. Deleted after retention period. Never shared or sold.
- Metadata
- Sender, recipient, timestamps stored for API functionality. Anonymized for analytics.
- Attachments
- Stored in encrypted S3. Deleted with parent email. Size limits apply per plan.
- API Logs
- Request/response metadata retained for 30 days. IP addresses anonymized.