How Ṣọ Protects Your Email: Zero Retention Architecture
Note: An earlier version of this article described a "browser-only processing" model that did not match how Ṣọ actually works. The accurate description: email is sent to Ṣọ's secure servers for analysis in memory and never written to persistent storage. The privacy commitment is zero retention, not on-device processing. This article has been updated to reflect the actual architecture.
Every email security tool has to answer one question: what happens to your email once it's analyzed? Ṣọ Mail answers it simply: we analyze it on our secure servers in memory and never store it. Nothing is written to disk. No human reads it. It is never used for training.
This is the first of the 5 Trust Pillars, and it's the one that makes the other four possible. This post explains how our zero-retention architecture actually works, what it costs you, and what it gains you.
What is zero-retention email analysis?
Zero-retention analysis means the code that scans your email for threats runs on our secure servers, analyzes the email content, returns a verdict, and immediately discards the content. The email content you receive, the headers, the attachments, the links, all of it gets analyzed without being stored anywhere.
Every other architecture involves a round trip. The email arrives at your mail provider, gets forwarded to the security vendor's servers, gets analyzed there, then gets sent back (or forwarded to you) with a verdict attached. That round trip is how most legacy email security tools are built.
Ṣọ cuts the round trip out.
How does the traditional model work?
Legacy email security vendors (Proofpoint, Mimecast, Abnormal, Barracuda) operate at the mail gateway. Your organization changes its MX records so that inbound email goes to the vendor's servers first. The vendor's infrastructure receives the email, scans it against their threat models, and forwards it on to your actual mailbox. In some configurations, the vendor also stores copies for retrospective analysis.
This model has real benefits: vendors can train models on massive amounts of email data, coordinate responses across customers, and run heavy computational analysis without slowing your device down. It also has a cost: your email content lives on their infrastructure, and the protection you're buying is entangled with the surveillance that powers it.
How does zero-retention analysis work instead?
The Ṣọ extension installs in your browser (Chrome, Firefox, Safari, Edge). When you open an email in Gmail, Outlook Web, or any other web-based mail client, the extension reads the email the same way your mail client does: directly from your mail provider's servers, through the authenticated session you're already logged into.
The extension then runs a series of checks on that email, all within your browser's sandbox:
Header analysis
The extension parses the raw email headers and checks SPF, DKIM, and DMARC authentication results. This catches emails where the visible sender address looks legitimate but the actual sending server doesn't match the domain. It's one of the most reliable ways to catch spoofing, and it happens entirely locally.
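An added JavaScript example (not Ṣọ's code) of the mismatch this paragraph describes: it parses RFC 8601 Authentication-Results headers and compares the domains that passed SPF and DKIM with the visible From domain. The TRUSTED_AUTHSERV value, the two-label orgDomain shortcut, and the sample header are assumptions constructed for illustration.

```javascript
// Assumed authserv-id of the receiving provider (hypothetical value).
const TRUSTED_AUTHSERV = "mx.mailprovider.example";

// Simplified organizational domain: last two labels. Production code needs
// the Public Suffix List (this is wrong for names like "example.co.uk").
const orgDomain = (d) =>
  d.toLowerCase().replace(/\.$/, "").split(".").slice(-2).join(".");

// Parse one Authentication-Results value (RFC 8601) into
// { authserv, results: { method: [{ result, props }] } }.
function parseAuthResults(value) {
  const parts = value.replace(/\([^()]*\)/g, " ").split(";").map((s) => s.trim());
  const results = {};
  for (const part of parts.slice(1)) {
    const m = /^([a-z0-9-]+)\s*=\s*([a-z]+)/i.exec(part);
    if (!m) continue;
    const props = {};
    for (const [, k, v] of part.matchAll(/([a-z]+\.[a-z0-9-]+)\s*=\s*(\S+)/gi))
      props[k.toLowerCase()] = v.toLowerCase();
    const method = m[1].toLowerCase();
    (results[method] = results[method] || []).push({ result: m[2].toLowerCase(), props });
  }
  return { authserv: parts[0].split(/\s+/)[0].toLowerCase(), results };
}

// Compare the visible From domain with the domains that actually passed.
function checkSender(fromAddress, authResultsHeaders) {
  const fromDomain = orgDomain(fromAddress.split("@").pop());
  // Only the receiving provider's header counts; a sender can add its own.
  const trusted = authResultsHeaders.map(parseAuthResults)
    .filter((h) => h.authserv === TRUSTED_AUTHSERV);
  if (trusted.length === 0) return { verdict: "unverified", spf: false, dkim: false };
  const aligned = (method, prop) => trusted
    .flatMap((h) => h.results[method] || [])
    .some((r) => r.result === "pass" && r.props[prop] !== undefined &&
      orgDomain(r.props[prop].split("@").pop()) === fromDomain);
  const spf = aligned("spf", "smtp.mailfrom");
  const dkim = aligned("dkim", "header.d");
  // DMARC semantics: one aligned pass (SPF or DKIM) is enough.
  return { verdict: spf || dkim ? "aligned" : "spoof-suspect", spf, dkim };
}

// Constructed sample: SPF and DKIM both pass, but for another domain.
const SPOOFED = ["mx.mailprovider.example; spf=pass smtp.mailfrom=bounce@mailer.attacker.example; " +
  "dkim=pass header.d=attacker.example; dmarc=fail header.from=bank.example"];
console.log(checkSender("ceo@bank.example", SPOOFED));
```

A bare "spf=pass" is not enough on its own: the sample passes SPF and DKIM for the sending infrastructure's domain, and only the comparison against the From domain exposes the mismatch.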
Domain intelligence
Suspicious sender domains, lookalike domains (amaz0n.com vs. amazon.com), and newly registered domains are flagged. The threat intelligence feed is downloaded periodically to your device, and the domain checks run against the local copy.
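An added JavaScript example (not Ṣọ's code) of a lookalike-domain check in the spirit of the amaz0n.com case: it folds common ASCII look-alike characters and then measures edit distance against a watch list. The PROTECTED list and the CONFUSABLES table are constructed assumptions, and the input is assumed to be the registrable domain, already extracted.

```javascript
// Constructed watch list; a real deployment would load this from a feed.
const PROTECTED = ["amazon.com", "paypal.com", "microsoft.com"];

// Small hand-picked set of ASCII look-alike substitutions (assumption).
const CONFUSABLES = [["rn", "m"], ["vv", "w"], ["0", "o"], ["1", "l"], ["3", "e"], ["5", "s"]];

// Fold look-alike characters so "amaz0n.com" and "amazon.com" compare equal.
function skeleton(domain) {
  let s = domain.toLowerCase().replace(/\.$/, "");
  for (const [from, to] of CONFUSABLES) s = s.split(from).join(to);
  return s;
}

// Levenshtein distance, two-row form.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Returns null for unremarkable domains, else { brand, reason }.
function classifyDomain(domain) {
  const name = domain.toLowerCase().replace(/\.$/, "");
  if (PROTECTED.includes(name)) return null; // the genuine domain
  // Punycode labels hide non-ASCII homoglyphs from an ASCII comparison,
  // so they are routed to review instead of being silently passed.
  if (name.split(".").some((label) => label.startsWith("xn--")))
    return { brand: null, reason: "punycode-review" };
  const folded = skeleton(name);
  for (const brand of PROTECTED) {
    const target = skeleton(brand);
    if (folded === target) return { brand, reason: "confusable" };
    if (editDistance(folded, target) === 1) return { brand, reason: "near-miss" };
  }
  return null;
}

console.log(classifyDomain("amaz0n.com")); // { brand: 'amazon.com', reason: 'confusable' }
```

The watch list is folded with the same table as the candidate, so a protected name that itself contains "rn" or a digit still matches consistently.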
Content pattern matching
Payment-change language, urgency triggers, credential-request patterns, and BEC indicators get checked against local models. The models themselves are small enough to run in-browser without noticeable performance impact.
Link analysis
Every link gets expanded (including URL shorteners) and the destination gets checked against threat feeds. Redirect chains get traced. All of this happens locally, before you click.
Attachment inspection
Document type, embedded script detection, and macro flags get checked without uploading the attachment anywhere.
What leaves your device, and what doesn't?
This is where most people get confused, so it's worth being explicit.
What is never stored:
- The content of every email you receive
- Email headers and metadata
- Attachments
- Your threat history
- Your custom rules and settings
What gets fetched from our infrastructure:
- Threat intelligence feed updates (signatures, indicators of compromise, known-bad domains). This is generic data, not data about you.
- Model updates when new detection patterns emerge
- Subscription status and billing
- Anonymized product telemetry (crash reports, feature usage)
None of the outbound calls contain your email content. If you inspect the extension's network traffic (open your browser's developer tools, watch the network tab), you'll see these categories and nothing else.
Why does this matter?
Three reasons.
First, breach risk. If Ṣọ's servers get breached, attackers get no customer email. There's nothing valuable to steal because your email isn't there. Most vendors can't say that.
Second, subpoena risk. We can't hand over data we don't have. If law enforcement asks Ṣọ for a customer's email, the honest answer is that it's on the customer's device, not our infrastructure.
Third, vendor lock-in. You can uninstall the extension or app at any time, and your email data doesn't leave with us because it was never retained by us.
Trust Aside: Browser-Only Processing is the first of Ṣọ's 5 Trust Pillars. It's the architectural foundation that makes the others possible. Zero Data Storage, No Human Access, Full Data Control, and No Data Monetization all depend on the fact that your email content is never retained in the first place.
What's the tradeoff?
Zero-retention analysis is not a free win. It comes with real costs, and we're upfront about them.
Cold-start detection is slower. When a novel phishing pattern emerges, server-side vendors can update their detection across all customers instantly. Ṣọ's local models need to be updated and pushed to devices, which adds lag. For most threats this lag is measured in hours, not days, but it exists.
No 24/7 analyst backup. When a local model isn't confident, there's no human reviewer we can escalate to. The email gets flagged as uncertain and handed back to you. For some users this is a feature; for others it's a limitation.
Compute happens on your device. Modern browsers handle this fine, but it does mean the extension uses some of your memory and CPU. We've optimized for minimal footprint, but it's not zero.
How does this work on mobile?
The same principle applies. The Ṣọ iOS and Android apps analyze email on your phone using local models. Data is stored in the operating system's standard local storage (protected by device encryption). Nothing gets uploaded to our servers.
Frequently asked questions
Does Ṣọ work offline?
Partially. Analysis of email you've already received can happen offline because everything is local. Threat intelligence feed updates require an internet connection, but the core analysis doesn't.
How much storage does Ṣọ use on my device?
The extension is small, under 10 MB in most cases. The mobile apps are larger because they include more local models, typically 50 to 150 MB depending on platform.
Does zero-retention analysis work with desktop email clients like Apple Mail or Thunderbird?
The Ṣọ desktop app handles these cases. The browser extension covers web-based mail. The mobile apps cover iOS and Android mail. Between those three form factors, most users are covered.
What happens if I switch devices?
Your settings and threat history don't sync automatically between devices, by design. You set up Ṣọ fresh on each device. Some users ask for cross-device sync; we've declined to build it because it would require either storing data on our servers or routing it through us, which would violate the pillar this whole post is about.
TL;DR
Zero-retention analysis means Ṣọ analyzes your email on our secure servers in memory and never stores it. Nothing is written to disk. Legacy email security tools route your mail through their infrastructure and retain copies. Ṣọ removes the retention entirely. The result: no vendor breach risk, no subpoena risk, no vendor lock-in.