Skip to main content
Privacy you can verify

Your email never touches our servers

Most security tools need access to your email to protect it. Not this one. Here is exactly how your data flows, what leaves your device (almost nothing), and how you can prove it.

How your data flows

From inbox to protection in 5 steps

Step 1

Email arrives

In Gmail or Outlook, like normal.

Step 2

Read on your device

In your browser, phone, or desktop app. Not on a server.

Step 3

AI analyzes on-device

Threat signals, categorization, risk score.

Step 4

Result shown to you

Safe or risky, with a plain-language reason.

Step 5

Nothing sent

Zero email content leaves your device. Ever.

What leaves your device

A complete list. If it is not here, it stays on your device.

  • Your email address (for login only)
  • Anonymized threat patterns (no personal content)
  • Breach scan requests (just the email, never passwords)
  • Email body, subject, or attachmentsNEVER
  • Contact lists, calendar events, or filesNEVER
  • Meeting audio, video, or transcriptsNEVER

Verify it yourself

Open Chrome DevTools while using the extension. Go to the Network tab. Filter by your email domain. You will see zero outbound requests containing your email content.

// Chrome DevTools > Network tab
// Filter by "mail.google.com" or "outlook.com"
Outbound email content: 0 requests
Meeting audio sent: none
Transcripts uploaded: none

This works because all AI models run locally via WebAssembly. The extension does not phone home with your data.

How we compare

Other tools need your email. We don't.

IRONSCALES, Barracuda, Abnormal, and most enterprise tools route your email through their cloud to scan it.

QuestionThemUs
Routes your email through their servers?
Stores your email content on their cloud?
Requires DNS or MX record changes?
Needs IT admin setup?
Can read your email body?
Works in under 60 seconds?

Available everywhere

Feature availability by platform

Some features require browser-level access and are only available on the Chrome extension. Core protection works across all platforms.

Feature
Extension
Mobile
Desktop
Email threat scanning
Phishing and spoofing detection
Link and attachment analysis
Email categorization
Dark web breach monitoring
Breach alert emails
Suggested replies
Inline threat banners in Gmail/Outlook
Email tracker blocking
Audio deepfake detection--
Video deepfake detection--
Live meeting transcription--
VPN / datacenter detection--
Post-meeting recap--
Calendar integration-
Snooze and scheduled send-

Compliance

Standards we meet

Google CASA Verified

Passed Google's Cloud Application Security Assessment for Workspace API access.

GDPR Compliant

European privacy standards. Data minimization. Right to access, correct, and delete.

Zero-Knowledge Architecture

Email content is processed on your device. We structurally cannot read your email.

Encrypted in Transit

All data transmitted between your device and our servers uses TLS encryption.

What we retain and for how long

Email content (body, subject, attachments)Never stored on our servers
Meeting audio, video, and transcriptsNever leaves your device
Breach scan resultsUntil you delete your account
Account info (name, email)Until you delete your account
OAuth tokensEncrypted, duration of service use
Reported false positives (de-identified)90 days maximum
Billing and tax records7 years (legal requirement)