Security

At Mailneo, security is our top priority. We employ industry-leading security measures to protect your data and ensure the reliability of our platform.

Security Practices

• Regular third-party security audits and penetration testing
• Security incident response team available 24/7
• Regular security training for all employees
• Vulnerability disclosure program with responsible researchers

Data Security Features

• Automatic session timeout after inactivity
• IP allowlisting for enterprise accounts
• Audit logs for all data access and modifications
• Secure API keys with granular permissions
• Data loss prevention (DLP) policies
• Regular automated backups with point-in-time recovery

Email Account Security

When you connect email accounts (Gmail, Microsoft Outlook, Zoho Mail, or custom SMTP/IMAP), we take extra precautions to protect your credentials and data:

• Encrypted credential storage: All OAuth tokens and SMTP/IMAP credentials are encrypted using AES-256 before storage
• No password storage for OAuth: For Gmail, Outlook, and Zoho, we never store your password - only secure OAuth tokens provided by each provider
• Minimal permissions: We only request the specific permissions needed for our features from each provider
• Token refresh security: Refresh tokens are stored separately with additional encryption layers
• Immediate revocation: When you disconnect an account, tokens and credentials are immediately deleted from our systems

Provider Compliance:

• Google Gmail: Follows Google's API Services User Data Policy, including Limited Use requirements
• Microsoft Outlook: Compliant with Microsoft Graph API security requirements
• Zoho Mail: Follows Zoho's API security guidelines and data handling policies
• SMTP/IMAP: Credentials transmitted over encrypted connections (TLS) and stored with AES-256 encryption