Your emails are confidential. Period.

Security is not a feature we bolted on. It is our number one priority — baked into every layer of SiftInbox from day one.

Defense in Depth — 6 Layers of Protection

We do not rely on a single lock. SiftInbox uses six independent security layers so that compromising one cannot expose your data.

Layer 1 — AES-256 Full Database Encryption

Every byte on disk is encrypted with SQLCipher — including indexes, write-ahead logs, and metadata. Even with physical access to the server, the database is unreadable without the encryption key.

Layer 2 — Independent Field Encryption

OAuth tokens, email bodies, draft text, and AI-generated snippets receive a second encryption layer using Fernet with a completely separate key. Compromising one key cannot expose both layers.

Layer 3 — Webhook Authentication

Every inbound webhook request is verified using timing-safe comparison to prevent replay and injection attacks. The endpoint is also rate limited to prevent abuse.
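
One way to implement this kind of webhook check, as an added example that is not SiftInbox's own code. It assumes the sender signs `timestamp.body` with HMAC-SHA256 under a shared secret; the scheme, the function names and the 300-second window are all assumptions. The constant-time comparison keeps response timing from leaking the expected signature, while the timestamp window and the seen-set are what reject replays.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed replay window, not a SiftInbox setting


def sign(secret: bytes, timestamp: str, body: bytes) -> str:
    """Signature the sender attaches: HMAC-SHA256 over 'timestamp.body'."""
    mac = hmac.new(secret, timestamp.encode() + b"." + body, hashlib.sha256)
    return mac.hexdigest()


def verify_webhook(secret, timestamp, body, signature, now=None, seen=None):
    """Return (ok, reason). `seen` is an optional set of accepted signatures."""
    now = time.time() if now is None else now
    try:
        sent_at = int(timestamp)
    except (TypeError, ValueError):
        return False, "bad timestamp"
    expected = sign(secret, str(timestamp), body)
    # compare_digest runs in time independent of where the inputs differ,
    # so an attacker cannot recover the signature byte by byte.
    if not hmac.compare_digest(expected.encode(), str(signature).encode()):
        return False, "bad signature"
    # A valid signature on an old request is still rejected.
    if abs(now - sent_at) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    # Inside the window, refuse a signature that was already accepted.
    # In-memory set for the demo; a real service needs a shared store with expiry.
    if seen is not None:
        if expected in seen:
            return False, "replayed"
        seen.add(expected)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    secret = b"constructed-demo-secret"
    body = b'{"event": "message.received", "id": "constructed-1"}'
    ts = "1700000000"
    sig = sign(secret, ts, body)
    seen = set()
    print(verify_webhook(secret, ts, body, sig, now=1700000010, seen=seen))
    print(verify_webhook(secret, ts, body, sig, now=1700000020, seen=seen))
    print(verify_webhook(secret, ts, body + b" ", sig, now=1700000010))
    print(verify_webhook(secret, ts, body, sig, now=1700009999))
```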

Layer 4 — Strict Tenant Isolation

Every database query enforces user and tenant boundaries. Cross-user data isolation is tested in CI as a mandatory security gate — the build fails if isolation is broken.

Layer 5 — Startup Validation

If any required security secret is missing, the application refuses to start. No silent fallbacks, no degraded modes — immediate shutdown with a clear error message.

Layer 6 — Log Sanitization

Email addresses are redacted in all logs. Email bodies are never persisted in log output. No credentials, tokens, or sensitive content ever appear in application logs.

What We Never Do

Never auto-send emails

SiftInbox only creates drafts. The system is architecturally incapable of sending — the send API is never called.

Never store your email password

OAuth only — the same standard used by Google and Microsoft. We never see or store your password.

Never share data between accounts

Even within the same organization, each user's data is fully isolated. No cross-account access, ever.

Never log email content

Addresses are redacted, and bodies are never written to logs. Diagnostic logging exists, but it never contains your data.

Never sell or share your data

Your email is yours. We do not monetize your data, period.

How AI Processing Works

SiftInbox uses AI to classify and draft replies. Here is exactly what we send and what we keep.

  • Truncated input: Email bodies are truncated to 4,000 characters before AI processing. Full emails are never sent to the AI provider.
  • Minimal data sent: Only the sender, subject line, and truncated body are sent for classification — never full threads or attachments.
  • No long-term storage: AI responses are used for classification and draft generation, then discarded. They are not stored or used for training.
  • Disconnect anytime: When you disconnect your email account, OAuth credentials are immediately destroyed.

Compliance & Infrastructure

  • Hosted on Fly.io with encrypted volumes
  • Two independent encryption keys protect different data layers
  • OAuth tokens encrypted with a separate key from the database
  • Session cookies: HttpOnly, Secure, SameSite=Lax
  • CSRF protection on all OAuth flows
  • All data deleted on account cancellation — nothing retained
