Security & Data Protection

Defense-in-depth for automated GDPR deletions: encryption in transit, least privilege by default, and a zero-knowledge dispatch model that keeps message content out of our systems.

TLS • SOC 2 • Zero-Knowledge

Core security principles

Zero-Knowledge Dispatch

We do not retain the content of your deletion requests: a message body exists only while it is being prepared and handed to the mail provider, and only metadata survives afterwards (see Retention Controls). Every message carries a Reply-To header pointing at your own address, so a controller's answer goes directly to you rather than through our systems. "Zero-knowledge" here names this data-minimizing dispatch model, not a cryptographic zero-knowledge protocol.
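The Reply-To mechanism in code, as an added example that is not the service's own implementation: the service's sender address, the requester and controller addresses, and the field names of the audit record are all assumptions. It builds the outbound message, checks before sending that replies really bypass the service, and shows what is kept afterwards (routing metadata only, no subject or body).

```python
from email.message import EmailMessage
from email.utils import formatdate, make_msgid, parseaddr

# Hypothetical sender identity; the service's real sending domain is not on the page.
SERVICE_SENDER = "dispatch@example-service.invalid"


def build_deletion_request(requester: str, controller: str, subject: str, body: str) -> EmailMessage:
    """Outbound message for a deletion request.
    From is the service's sender (the address the provider verifies);
    Reply-To is the requester, so the controller's answer bypasses the service."""
    msg = EmailMessage()
    msg["From"] = SERVICE_SENDER
    msg["To"] = controller
    msg["Reply-To"] = requester
    msg["Subject"] = subject
    msg["Date"] = formatdate(usegmt=True)
    msg["Message-ID"] = make_msgid(domain="example-service.invalid")
    msg.set_content(body)
    return msg


def replies_bypass_service(msg: EmailMessage) -> bool:
    """Pre-send check: a Reply-To must exist and must not point back at the service."""
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    sender = parseaddr(msg.get("From", ""))[1]
    return bool(reply_to) and reply_to.lower() != sender.lower()


def audit_record(msg: EmailMessage) -> dict:
    """The only thing retained after dispatch: routing metadata, never subject or body text."""
    return {
        "message_id": str(msg["Message-ID"]),
        "to": str(msg["To"]),
        "reply_to": str(msg["Reply-To"]),
        "date": str(msg["Date"]),
    }


if __name__ == "__main__":
    m = build_deletion_request("alice@example.org", "privacy@controller.example",
                               "Erasure request", "Please delete all personal data you hold about me.")
    assert replies_bypass_service(m)
    print(audit_record(m))
```

The From/Reply-To split matters because the provider only verifies the From address; putting the requester in From would fail sender verification or DMARC on the requester's domain, while Reply-To carries no such check.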

Encryption in Transit

All traffic is protected using TLS (HTTPS). HSTS is enabled so that browsers refuse plaintext HTTP for the domain on later visits instead of relying on a redirect.
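What "HSTS enabled" looks like at the application layer, as an added example in Python's standard-library WSGI interface (not the service's own code; the host name and the demo app are assumptions). Plaintext requests are redirected to HTTPS, HTTPS responses get the Strict-Transport-Security header, and the X-Forwarded-Proto header from a reverse proxy is only honoured when explicitly trusted, since otherwise a client can forge it.

```python
from urllib.parse import quote

# One year, covering subdomains; add "; preload" only after submitting the domain to the preload list.
HSTS_VALUE = "max-age=31536000; includeSubDomains"


class EnforceHttps:
    """WSGI middleware: plaintext requests get a redirect to the HTTPS URL,
    HTTPS responses get a Strict-Transport-Security header.
    trust_forwarded_proto must only be enabled when a reverse proxy in front of the
    app overwrites X-Forwarded-Proto; otherwise a client can forge it."""

    def __init__(self, app, hsts_value=HSTS_VALUE, trust_forwarded_proto=False):
        self.app = app
        self.hsts_value = hsts_value
        self.trust_forwarded_proto = trust_forwarded_proto

    def _scheme(self, environ):
        if self.trust_forwarded_proto and environ.get("HTTP_X_FORWARDED_PROTO"):
            return environ["HTTP_X_FORWARDED_PROTO"].split(",")[0].strip().lower()
        return environ.get("wsgi.url_scheme", "http")

    def __call__(self, environ, start_response):
        if self._scheme(environ) != "https":
            host = environ.get("HTTP_HOST") or environ.get("SERVER_NAME", "")
            target = "https://" + host + quote(environ.get("PATH_INFO") or "/")
            if environ.get("QUERY_STRING"):
                target += "?" + environ["QUERY_STRING"]
            # No HSTS header here: browsers ignore it on plain HTTP anyway (RFC 6797).
            start_response("301 Moved Permanently", [("Location", target), ("Content-Length", "0")])
            return [b""]

        def start_with_hsts(status, headers, exc_info=None):
            headers = [(k, v) for k, v in headers if k.lower() != "strict-transport-security"]
            headers.append(("Strict-Transport-Security", self.hsts_value))
            return start_response(status, headers, exc_info)

        return self.app(environ, start_with_hsts)


def demo_app(environ, start_response):
    """Stand-in for the real application (assumption)."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def call_wsgi(app, environ):
    """Tiny in-process harness (no socket) returning (status, headers dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


if __name__ == "__main__":
    app = EnforceHttps(demo_app)
    print(call_wsgi(app, {"wsgi.url_scheme": "http", "HTTP_HOST": "app.example", "PATH_INFO": "/status"}))
    print(call_wsgi(app, {"wsgi.url_scheme": "https", "HTTP_HOST": "app.example", "PATH_INFO": "/status"}))
```

In production the same two rules are usually applied at the TLS terminator (reverse proxy) rather than in the app; the point that carries over is that the header is only meaningful on HTTPS responses and that the scheme must come from a trusted source.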

Least-Privilege Access

Separate credentials and roles for the application, the queue worker and the database. Operational access is limited and audited.

Privacy by Design

We keep only minimal metadata required for troubleshooting and proof (e.g., provider status codes) and delete it on schedule.

Delivery & storage

Multi-Provider Routing

Primary delivery via Mailjet, with optional SMTP; a local queue holds messages and retries when a provider is unavailable. Sender verification is supported.

SQLite Hardening

WAL mode, busy timeouts, indices, and periodic integrity checks. Scheduled maintenance tasks and consistent backups with rotation.

Retention Controls

Email bodies are not stored beyond dispatch; only metadata is kept. Queue entries are purged after 30 days and the outbound log after 180 days.
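The SQLite hardening and the retention schedule above, worked through in one added example using Python's built-in sqlite3 module. This is not the service's own code: the metadata-only schema, the table and column names, and the sample rows are assumptions; the retention windows (30 and 180 days) are the page's. It opens the database with WAL mode and busy timeouts, runs an integrity check, purges expired rows in a single write transaction, and takes a verified snapshot through SQLite's online backup API with rotation.

```python
import os
import sqlite3
from datetime import datetime, timedelta, timezone

# Retention windows from the page: queue 30 days, outbound log 180 days.
QUEUE_RETENTION = timedelta(days=30)
OUTBOUND_LOG_RETENTION = timedelta(days=180)

# Hypothetical metadata-only schema (no message bodies); the real one is not on the page.
SCHEMA = """
CREATE TABLE IF NOT EXISTS queue (
    id INTEGER PRIMARY KEY,
    message_id TEXT NOT NULL UNIQUE,
    recipient  TEXT NOT NULL,
    state      TEXT NOT NULL,
    created_at TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS queue_created_at ON queue(created_at);
CREATE TABLE IF NOT EXISTS outbound_log (
    id INTEGER PRIMARY KEY,
    message_id      TEXT NOT NULL,
    provider        TEXT NOT NULL,
    provider_status TEXT,
    created_at      TEXT NOT NULL
);
CREATE INDEX IF NOT EXISTS outbound_log_created_at ON outbound_log(created_at);
"""


def ts(dt: datetime) -> str:
    """UTC timestamps in one fixed, lexicographically sortable format."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def open_hardened(path: str) -> sqlite3.Connection:
    # timeout= makes the driver wait on SQLITE_BUSY instead of failing at once;
    # isolation_level=None is autocommit, so transactions below are explicit.
    conn = sqlite3.connect(path, timeout=10.0, isolation_level=None)
    conn.execute("PRAGMA journal_mode=WAL")     # readers do not block the single writer
    conn.execute("PRAGMA synchronous=NORMAL")   # safe with WAL; FULL if the last commit must survive power loss
    conn.execute("PRAGMA busy_timeout=10000")   # same wait, enforced by the engine
    conn.execute("PRAGMA foreign_keys=ON")
    conn.executescript(SCHEMA)
    return conn


def integrity_ok(conn: sqlite3.Connection) -> bool:
    return conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"


def purge_expired(conn: sqlite3.Connection, now: datetime) -> dict:
    """Apply the retention schedule atomically; returns rows deleted per table."""
    queue_cutoff = ts(now - QUEUE_RETENTION)
    log_cutoff = ts(now - OUTBOUND_LOG_RETENTION)
    conn.execute("BEGIN IMMEDIATE")  # take the write lock up front rather than upgrading mid-transaction
    try:
        q = conn.execute("DELETE FROM queue WHERE created_at < ?", (queue_cutoff,)).rowcount
        o = conn.execute("DELETE FROM outbound_log WHERE created_at < ?", (log_cutoff,)).rowcount
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return {"queue": q, "outbound_log": o}


def safe_backup(conn: sqlite3.Connection, dest_dir: str, stamp: str, keep: int = 7) -> str:
    """Consistent online snapshot via the backup API (never copy a live .db/.wal pair),
    verified with integrity_check, then rotated down to the newest `keep` files."""
    dest_path = os.path.join(dest_dir, f"app-{stamp}.db")
    dest = sqlite3.connect(dest_path)
    try:
        conn.backup(dest)
        if not integrity_ok(dest):
            raise RuntimeError("backup failed integrity check")
    finally:
        dest.close()
    backups = sorted(f for f in os.listdir(dest_dir) if f.startswith("app-") and f.endswith(".db"))
    for old in backups[:-keep]:
        os.remove(os.path.join(dest_dir, old))
    return dest_path


def seed_sample_rows(conn: sqlite3.Connection, now: datetime) -> None:
    """Constructed sample metadata: one fresh and one expired row per table."""
    conn.executemany(
        "INSERT INTO queue(message_id, recipient, state, created_at) VALUES (?,?,?,?)",
        [("<m1@svc.invalid>", "privacy@controller.example", "sent", ts(now - timedelta(days=1))),
         ("<m2@svc.invalid>", "dpo@other.example", "sent", ts(now - timedelta(days=31)))])
    conn.executemany(
        "INSERT INTO outbound_log(message_id, provider, provider_status, created_at) VALUES (?,?,?,?)",
        [("<m1@svc.invalid>", "mailjet", "sent", ts(now - timedelta(days=10))),
         ("<m3@svc.invalid>", "smtp", "250 OK", ts(now - timedelta(days=181)))])
```

Two details a practitioner would check: the retention job must run inside one `BEGIN IMMEDIATE` so a crash cannot leave one table purged and the other not, and the backup must go through `Connection.backup()` because a plain file copy of a WAL database can miss committed pages still sitting in the `-wal` file.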

Webhook Logging

Incoming provider events (sent, delivered, bounce, …) are normalized into one common schema and stored as audit metadata.
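A normalizer of the kind this describes, as an added example that is not the service's code. The field names it reads from a Mailjet event are an assumption about that provider's payload (the page names Mailjet but not its format), and the "smtp" callback format and all sample events are constructed. The point it shows is allow-listing: only the fields needed for proof are copied out, the event name is mapped onto a fixed vocabulary, timestamps are normalized to UTC, and anything else in the payload (custom payloads, subjects, free text) never reaches storage. It also derives an idempotency key, since providers retry webhook deliveries.

```python
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional

# Canonical event vocabulary kept as audit metadata; anything else is recorded as "other".
CANONICAL_EVENTS = {"sent", "delivered", "bounce", "blocked", "spam", "unsub"}

# Field mapping per provider. The "mailjet" keys are an assumption about its webhook payload;
# "smtp" is a made-up relay callback format used for the example.
FIELD_MAP = {
    "mailjet": {"event": "event", "time": "time", "message_id": "MessageID", "recipient": "email", "code": "error"},
    "smtp":    {"event": "status", "time": "ts", "message_id": "queue_id", "recipient": "rcpt", "code": "reply_code"},
}


@dataclass(frozen=True)
class AuditEvent:
    provider: str
    event: str
    message_id: str          # always a string so large numeric ids survive JSON round trips
    recipient: str
    occurred_at: str         # UTC, fixed format, sortable
    status_code: Optional[str]

    def idempotency_key(self) -> str:
        """Providers retry webhooks; inserting by this key keeps replays from duplicating audit rows."""
        return f"{self.provider}:{self.message_id}:{self.event}:{self.occurred_at}"


def _to_utc(value) -> str:
    """Accept epoch seconds or an ISO-8601 string with offset; emit one UTC format."""
    if isinstance(value, (int, float)) or str(value).isdigit():
        dt = datetime.fromtimestamp(int(value), tz=timezone.utc)
    else:
        dt = datetime.fromisoformat(str(value)).astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def normalize(provider: str, raw: dict) -> AuditEvent:
    """Copy out only allow-listed fields; everything else in the payload is dropped, not logged."""
    fmap = FIELD_MAP[provider]          # unknown provider raises KeyError: fail closed
    name = str(raw[fmap["event"]]).lower()
    code = raw.get(fmap["code"])
    return AuditEvent(
        provider=provider,
        event=name if name in CANONICAL_EVENTS else "other",
        message_id=str(raw[fmap["message_id"]]),
        recipient=str(raw[fmap["recipient"]]),
        occurred_at=_to_utc(raw[fmap["time"]]),
        status_code=None if code in (None, "") else str(code),
    )


# Constructed sample events (not captured traffic). Extra keys stand in for data that must not be stored.
SAMPLE_EVENTS = [
    ("mailjet", {"event": "sent", "time": 1717243200, "MessageID": 1234567890123,
                 "email": "privacy@controller.example", "CustomID": "req-42", "Payload": "should never be stored"}),
    ("mailjet", {"event": "bounce", "time": 1717246800, "MessageID": 1234567890123,
                 "email": "privacy@controller.example", "hard_bounce": True, "error": "user unknown"}),
    ("smtp", {"status": "DELIVERED", "ts": "2024-06-01T13:00:00+00:00", "queue_id": "4Vq8xk2p3Z",
              "rcpt": "dpo@other.example", "reply_code": 250, "subject": "should never be stored"}),
    ("mailjet", {"event": "open", "time": 1717250400, "MessageID": 1234567890123,
                 "email": "privacy@controller.example"}),
]


def normalize_all(events):
    return [asdict(normalize(provider, raw)) for provider, raw in events]


if __name__ == "__main__":
    for row in normalize_all(SAMPLE_EVENTS):
        print(row)
```

Two things the normalizer does not do and the endpoint around it must: authenticate incoming webhooks in whatever way the provider supports (a secret in the URL, HTTP basic auth, or a signature), and reject payloads whose message id is unknown, so that an unauthenticated caller cannot seed the audit trail.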

Compliance & operations

GDPR Alignment

Article 17 (right to erasure) deletion flows, a clear lawful basis, data processing agreements (DPAs) with processors, and transparent privacy notices.

Auditability

We record minimal technical facts (timestamps, provider IDs, status) to demonstrate processing — nothing more.

Responsible Disclosure

If you believe you found a vulnerability, please notify us via the contact page (topic “Security”).
