Security

2min

We take privacy and security seriously at EmailRule. That's why your emails are encrypted at rest, at work and in transit. We aren't end-to-end encrypted but we will discuss more on that below.



End-to-end encryption requires that both the sender & receiver are using the same email client which support the encryption & decryption process of the data payload. Services can only guarantee this when sending to clients in their own service, not outside.

Since EmailRule is a management/forwarding system we generally recieve mail for various different vendors. This mail is sent unencrypted but uses TLS to ensure in-transit so your data is encrypted en-route. The moment we recieve your email it is immediately encrypted and store it securely in our data store. What does this mean for you?

  • In Transit - We enforce TLS on all incoming and outgoing emails. This means you get end-to-end protection for your mail in-transit. When we say for your eyes only we mean it.
  • At Work - Emails are only decrypted when it is absolutely required. We decrypt your emails for 3 reasons:
    1. We need to send your email
    2. We recieve your email and need to pull initial metadata such as who sent it, who it was sent to and some other metadata.
    3. You request to view the mail on the EmailRule website.
  • At Rest - All emails are CSE (client side encrypted). Even if a malicious actor gains access to the file they won't be able to decipher the content inside. This means security no matter the circumstance.
  • Everywhere Else - We track access to your data. Any data access is logged and reviewed monthly. We store emails for a maximum of 30 days before we destroy them. This means you're being protected at all times.

We take security seriously. If you think we are falling short somewhere we would love to hear from you

Updated 25 Mar 2024
Doc contributor
Did this page help you?
PREVIOUS
GoDaddy - Adding records
Docs powered by Archbee