Your email is personal. We've built MailPrism with security and privacy at its core — not as an afterthought.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your credentials and tokens are encrypted with additional application-level encryption.
Database-level isolation ensures users can only access their own data. Even our own engineers cannot access your information without explicit authorization.
Tracking pixels are blocked by default. Email content is processed in memory and never stored permanently. We only retain metadata necessary to provide our service.
We support passkeys (WebAuthn), multi-factor authentication, and secure OAuth 2.0 for Gmail integration. We never see or store your Gmail password.
When you provide feedback on AI responses to improve your experience, that specific email content may be stored. This is entirely opt-in, and you can delete your training data at any time from your settings.
Privacy policy, data export, and deletion controls
Limited Use policy adherence — consent mechanism in progress
Complete audit trail of all actions
Security, availability, and confidentiality controls
Ongoing compliance monitoring
Information security management certification
We use the following third-party services to provide MailPrism. All subprocessors are bound by data processing agreements.

| Service | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, and backend infrastructure | United States |
| Google Cloud (Gmail API) | Email access and processing via official Gmail API | United States |
| OpenAI | AI processing for email analysis and rule suggestions | United States |
| Anthropic | AI processing for email analysis (alternative provider) | United States |
| Vercel | Application hosting and edge network | Global (Edge) |

Last updated: February 2025
Found a vulnerability? Have security questions? We take all reports seriously.