Security at Gajaro
We handle your email data. That's a serious responsibility. Here's how we protect it.
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Email content, metadata, and user credentials are protected at every layer.
Authentication
We use OAuth 2.0 for mailbox connections — we never store your email passwords. Access tokens are encrypted and can be revoked at any time from your email provider's settings.
No Cross-Customer Training
Your email data is not used to train AI models that serve other customers. Your data is processed solely to provide the service to you and your team.
Infrastructure
Gajaro runs on industry-standard cloud infrastructure with role-based access controls, network isolation, and automated security patching.
Data Retention
You control your data. Disconnect a mailbox and we delete its processed data within 30 days. Delete your account and all associated data is removed.
Compliance
We're working toward SOC 2 Type II and GDPR compliance. As an early-stage product, we're building compliance into our foundation — not bolting it on later.
A Note on Honesty
We're an early-stage product. We don't yet have SOC 2 certification or a formal penetration test report. We're building toward those milestones and will share updates as we reach them.
What we can tell you: security is a design priority, not an afterthought. We encrypt everything, we don't train on your data, and we give you full control over your connected mailboxes.
Security questions?
If you have specific security questions or need more detail, get in touch.
Contact Us