Security & privacy

Security is built‑in: OAuth sign‑in, minimal scopes, and encryption everywhere. MailMaid never trains on your data. Admins control retention, export, and deletion.

Data protection

  • • TLS 1.2+ in transit; AES‑256 at rest
  • • Fine‑grained OAuth scopes for Gmail/Outlook/Calendar
  • • Bring‑your‑own‑keys option
  • • Per‑tenant encryption keys (enterprise)
  • • Data residency: US/EU

Compliance roadmap

  • • SOC 2 Type II
  • • Google OAuth Verification
  • • Microsoft 365 Publisher Verification
  • • SSO / SCIM for enterprise

Privacy

We don’t sell or share personal data. We process email content solely to provide features you enable. You can disable learning, reset voice profiles, and delete all data anytime.

Read the Privacy Policy →

Responsible disclosure

Report security issues to security@mailmaid.ai. We triage within 24h and credit researchers. Our policy is published in /.well-known/security.txt.