Built to be trusted.
Honest, current state of MailGeni's security posture, data handling, and compliance — including what we have, what's in progress, and what we haven't done.
Last updated April 26, 2026
The controls behind that promise
TLS 1.2+ everywhere
No plaintext traffic, anywhere in the stack.
Encryption at rest
Supabase Postgres TDE for OAuth tokens and preferences.
Authentication via Clerk
Industry-standard OAuth and session management. MFA available.
Server-only privileged access
Service-role key never leaves the server; client uses anon keys with RLS.
In-app data deletion
Settings → Delete account erases your data within seconds. No email request needed.
In-app provider disconnect
Disconnect Gmail, Calendar, or Outlook — Google access is revoked at the same time.
Rate limiting
Per-user limits on AI, mailbox-write, bulk, and credential endpoints.
Token expiry + audit trail
Extension bearer tokens expire after 90 days. Created and last-used timestamps recorded.
Documented incident response
Severity classes, regulator notification (Qatar / EU-UK / India), runbooks for key compromise + mass token revoke.
Dependency hygiene
Dependabot, GitHub Actions CI (typecheck + npm audit), secret-scanning push-protection.
RoPA + DPIA
Records of Processing Activities and Data Protection Impact Assessment maintained as living documents.
No human review
No member of MailGeni or our sub-processors reads your email content as part of normal operation.
Transient by design
Only the thread you have open is sent to our AI provider when you click Generate. Not your inbox.
Email content is not stored. It's held only in the request-lifecycle memory of the function, sent to Anthropic, and discarded once the reply returns.
Anthropic and OpenAI do not train on your data. API content is excluded from training under their commercial terms.
No member of MailGeni or our sub-processors reads your email content during normal operation.
Stated plainly
No certification badges we haven't earned. When something completes, this list updates and the report is available to enterprise customers under NDA.
Self-attested in the Privacy Policy. CASA Tier 2 assessment in progress to support OAuth verification.
Currently engaging an authorized lab. Updated here when complete.
Operator's home jurisdiction. Privacy Policy reflects PDPPL principles.
Practical compliance: lawful basis, sub-processor disclosure, in-app rights, DPIA, RoPA, breach process. Enterprise DPA on request.
Practical compliance for the data categories we process. Email content is not classified as 'critical personal data' under DPDPA.
Not yet pursued. Will be evaluated when an enterprise customer requires it.
Not yet pursued. Will be evaluated when an enterprise customer requires it.
Not in scope. MailGeni is not designed for handling Protected Health Information.
Who touches your data, and where
Authoritative list lives in the Privacy Policy.
Primary processing region: Mumbai, India. Cross-border transfers to US-based AI sub-processors are covered by Standard Contractual Clauses or equivalent under each provider's DPA.
Found a security issue?
Email us with the heading SECURITY: and a description. Acknowledged within 24 hours, triaged within 72.
Report it
Need a DPA, RoPA or DPIA?
Enterprise customers can request our Records of Processing Activities, DPIA, or a signed DPA. Response within 5 working days.
Request documents