Security

Security & Trust

Built with privacy and security at the core. Your data is protected by industry-standard practices.

Encryption at Rest & Transit: All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys are hashed and never stored in plaintext.
Configurable Retention: Emails are automatically deleted after your plan's retention period. Free tier: 1 hour. Paid tiers: 7-90 days.
Signed Webhooks: All webhook payloads are signed with HMAC-SHA256. Verify the signature to ensure authenticity.
No AI Training: We never use your email data to train AI models. Your data stays yours.
Compliance: GDPR compliant. DPA available for enterprise customers. SOC 2 Type II in progress.

How We Handle Your Data

Email Content: Stored encrypted. Deleted after retention period. Never shared or sold.
Metadata: Sender, recipient, timestamps stored for API functionality. Anonymized for analytics.
Attachments: Stored in encrypted S3. Deleted with parent email. Size limits apply per plan.
API Logs: Request/response metadata retained for 30 days. IP addresses anonymized.