Trust Center

Security at MailPrism

Your email is personal. We've built MailPrism with security and privacy at its core — not as an afterthought.

Security Practices

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your credentials and tokens are encrypted with additional application-level encryption.

Row Level Security

Database-level isolation ensures users can only access their own data. Even our own engineers cannot access your information without explicit authorization.

Privacy by Default

Tracking pixels are blocked by default. Email content is processed in memory and never stored permanently. We only retain metadata necessary to provide our service.

Secure Authentication

We support passkeys (WebAuthn), multi-factor authentication, and secure OAuth 2.0 for Gmail integration. We never see or store your Gmail password.

How We Handle Your Data

What we store

Email metadata (sender, subject, timestamps) for tracking and automation
Your automation rules and preferences
AI-generated summaries (cached for performance)
Audit logs of actions taken

What we never store

Your Gmail password — we use OAuth 2.0, always
Email attachments — accessed directly through Gmail
Full email body content — fetched fresh from Gmail each time (unless you opt-in to AI training)

Optional: AI Training Data

When you provide feedback on AI responses to improve your experience, that specific email content may be stored. This is entirely opt-in, and you can delete your training data at any time from your settings.

Compliance Roadmap

GDPR Documentation

Complete

Google API Compliance

In Progress

Limited Use policy adherence — consent mechanism in progress

Activity Logging

Complete

Complete audit trail of all actions

SOC 2 Type I

Planned

Security, availability, and confidentiality controls

SOC 2 Type II

Planned

Ongoing compliance monitoring

ISO 27001

Planned

Information security management certification

Subprocessors

We use the following third-party services to provide MailPrism. All subprocessors are bound by data processing agreements.

Service	Purpose	Location
Supabase	Database, authentication, and backend infrastructure	United States
Vercel	Application hosting and edge network	Global (Edge)
Google Cloud (Gmail API)	Gmail API, Pub/Sub real-time notifications, and OAuth infrastructure	United States
Stripe	Payment processing (no card details are stored on our servers)	United States
OpenAI	AI email analysis (data sent via API is not used for model training)	United States
Anthropic	AI email analysis and text generation (not used for model training)	United States
Google (Gemini)	AI email analysis (alternative provider)	United States
SendGrid (Twilio)	Transactional email delivery (verification and notification emails)	United States
Resend	Transactional email delivery (alternative provider)	United States
Upstash	Rate limiting, caching, and background job processing (no email content)	Global
Sentry	Error and performance monitoring (with PII scrubbing applied)	United States
ClickUp	Optional user-initiated integration (only receives data you explicitly connect)	United States

Last updated: June 2026

Security Contact

Found a vulnerability? Have security questions? We take all reports seriously.

hello@mailprism.ai Privacy Policy