Privacy you can verify

Your email is never stored or retained.

Most security tools store your email on their servers. We don't. Here is exactly how your data flows, what we retain (almost nothing), and the commitment we make to your privacy.

How your data flows

From inbox to protection in 5 steps

Step 1

Email arrives

In Gmail or Outlook, like normal.

Step 2

Read on your device

In your browser, phone, or desktop app. Not on a server.

Step 3

Analyzed on Ṣọ servers

Sent to our secure infrastructure for threat analysis. Deleted immediately after.

Step 4

Result shown to you

Safe or risky, with a plain-language reason.

Step 5

Nothing retained

Never stored, shared, or used for training.

What leaves your device

A complete list of what we send and what we retain. If it is not here, it is never stored.

Your email address (for login only)
Anonymized threat patterns (no personal content)
Breach scan requests (just the email, never passwords)
Email content stored or retained after analysisNEVER
Contact lists, calendar events, or filesNEVER
Meeting audio, video, or transcriptsNEVER

Verify it yourself

Email content is processed in memory on our secure servers and never written to persistent storage. You can verify what we retain in our data retention table — your email content does not appear there.

// What Ṣọ stores after analysis

Email body / subject: never stored

Meeting audio / video: never leaves browser

Transcripts: never uploaded

Meeting security (deepfake detection, transcription) runs locally in your browser via WebAssembly. Email threat analysis runs on our secure servers with zero retention.

How we compare

Other tools need your email. We don't.

IRONSCALES, Barracuda, Abnormal, and most enterprise tools route your email through their cloud to scan it.

QuestionThemUs

Stores your email content on their servers?

Retains email data after analysis?

Requires DNS or MX record changes?

Needs IT admin setup?

Can read your email body?

Works in under 60 seconds?

Available everywhere

Feature availability by platform

Some features require browser-level access and are only available on the Chrome extension. Core protection works across all platforms.

Feature	Extension	Mobile	Desktop
Email threat scanning
Phishing and spoofing detection
Link and attachment analysis
Email categorization
Dark web breach monitoring
Breach alert emails
Suggested replies
Inline threat banners in Gmail/Outlook
Email tracker blocking
Audio deepfake detection		-	-
Video deepfake detection		-	-
Live meeting transcription		-	-
VPN / datacenter detection		-	-
Post-meeting recap		-	-
Calendar integration	-
Snooze and scheduled send	-

Compliance

Standards we meet

Google CASA Verified

Passed Google's Cloud Application Security Assessment for Workspace API access.

GDPR Compliant

European privacy standards. Data minimization. Right to access, correct, and delete.

Zero-Retention Architecture

Email content is processed in memory on our servers, never written to disk. Never read by humans.

Encrypted in Transit

All data transmitted between your device and our servers uses TLS encryption.

What we retain and for how long

Email content (body, subject, attachments)Never stored on our servers

Meeting audio, video, and transcriptsNever leaves your device

Breach scan resultsUntil you delete your account

Account info (name, email)Until you delete your account

OAuth tokensEncrypted, duration of service use

Reported false positives (de-identified)90 days maximum

Billing and tax records7 years (legal requirement)