Security

Data residency

All mail data is stored and processed on EU infrastructure (Hetzner, Germany/Finland). Optional AI features are opt-in per workspace and can be pointed at EU-hosted or self-hosted models.

Credentials

Mailbox credentials and OAuth refresh tokens are envelope-encrypted (AES-256-GCM under a root key) at rest. Only sync workers — never the API server or clients — can decrypt them.

Tenant isolation

Every workspace's data is isolated with PostgreSQL row-level security enforced on a non-superuser application role; isolation is covered by automated tests that assert cross-workspace reads and writes fail closed.

The privacy boundary is in the protocol

Visibility scoping (personal vs. shared mail) is applied where data is emitted, not filtered in the client — a client is never sent what its user may not see.

Provider access

Google (Gmail API) and Microsoft (Graph) access uses the minimal OAuth scopes needed to sync, write back read/archive state, and send on your behalf. Revoking access at the provider cuts Silktail off instantly. CASA (Cloud Application Security Assessment) verification is in progress ahead of public launch.

Disclosure

Found something? Mail security@silktail.app (mailbox pending MX setup) — we respond within 72 hours.