Forwarding your sales emails to a third party is a serious trust decision. Here is exactly what we do with your data, what we do not do, and how your emails are protected from the moment they arrive.
All stored email data is encrypted at rest using AES-256 via Supabase. Your data is unreadable without the decryption keys.
All data moving between your browser, our servers, and our infrastructure is encrypted in transit. No plain-text transmission, ever.
Your emails are never used to train any AI model — not ours, not Anthropic's. Anthropic's API terms explicitly prohibit training on customer API inputs.
Your email data is never sold, rented, licensed, or shared with any third party for any commercial purpose. Full stop.
You own your data. Request full deletion of your account and all associated email data at any time. We complete deletion within 30 days.
Only engineers on the core team can access infrastructure, and only when needed for support. Access is logged and reviewed.
No. This is the question we get asked most, and the answer is unambiguous.
When Mailrecon analyzes your emails, it sends them to Anthropic's Claude API — the same AI model that powers thousands of enterprise applications. Anthropic's API terms of service explicitly prohibit using API inputs to train or improve their models. Your emails are processed and then discarded.
Mailrecon also has no AI training pipeline. We do not maintain a training dataset. Your emails exist in our system for one purpose: answering your questions and generating your reports.
Your forwarded email arrives at our Postmark inbound address via standard SMTP. Encrypted in transit over TLS.
The email is written to your Supabase database. Encrypted at rest using AES-256. Indexed so the AI can retrieve it later.
When you ask a question or a weekly report runs, relevant emails are sent to the Anthropic API over TLS. Anthropic processes and returns the answer. No retention, no training.
The AI-generated answer or report is returned to you. The raw email content stays in your account — only the result is sent to your screen.
You can delete any email or your entire account at any time. We run no background pipelines on your data beyond the features you use.
Mailrecon does not run on homegrown servers. Every piece of infrastructure we use has been independently audited. Here is what sits under your data.
Your email data is stored in Supabase — a SOC 2 Type II certified Postgres platform. Third-party auditors have independently verified their security controls.
Mailrecon runs on Vercel — a SOC 2 Type II certified edge platform. All application code and API endpoints run in Vercel's audited environment.
Email content sent to the AI for analysis goes through Anthropic's API. Anthropic's usage policy explicitly prohibits using API inputs to train or improve their models.
We are currently undergoing our own SOC 2 Type II audit with an independent third-party auditor. Until that report is available, enterprise customers can request our security questionnaire and references from our infrastructure providers' audited reports.
For teams in defense contracting, legal, healthcare, or any industry with strict data residency requirements — we offer Private Cloud deployment.
Mailrecon runs entirely inside your own AWS, Azure, or GCP account. Your database, your servers, your Anthropic API key. Your emails never leave your infrastructure. We provide the software. You own the stack.
Mailrecon is deployed into your AWS, Azure, or GCP account. You control the servers, the database, and the networking. We never have access.
All email data is stored in a Supabase or Postgres instance inside your account. Zero data flows to Mailrecon's servers — not even metadata.
You provide your own Anthropic API key. Email content goes from your servers to Anthropic under your account, not ours. Full AI quality — no local LLM compromise.
AI chat, weekly reports, lead tracking, analytics — everything in the standard product. Private Cloud is not a stripped-down version.
Dedicated onboarding, direct Slack support channel, and a 99.9% uptime SLA. Quarterly security reviews on request.
Your emails are accessible to you and any team members you add. Mailrecon engineers can only access infrastructure — not your inbox content — and only when needed to resolve a support issue. All access is logged.
No. Your emails are never used to train any AI model. When Mailrecon analyzes your emails using Anthropic's Claude API, that data is processed and discarded — not retained by Anthropic for training purposes, per their API terms.
Your email data is stored in Supabase (PostgreSQL), hosted on AWS infrastructure in the US-East region. Supabase is SOC 2 Type II certified. We do not currently offer EU-region data residency, but it is on the roadmap.
Yes. You can delete individual emails from your dashboard. To delete your entire account and all associated data, email support@mailrecon.ai with your account email. We complete full deletion within 30 days and will confirm when done.
Yes. Enterprise and Team plan customers can request a DPA for GDPR compliance. Email legal@mailrecon.ai with your company name and we will send one within 2 business days.
Not currently. Mailrecon is not designed for healthcare use cases and we do not offer Business Associate Agreements. If you are in a regulated industry like healthcare or defense, ask us about Private Cloud deployment.
Your account is deactivated immediately on cancellation. Your data is retained for 30 days so you can export it, then permanently deleted. We do not keep any email content after account deletion.
Technical questions about our security architecture, penetration testing, or infrastructure: security@mailrecon.ai
GDPR compliance, DPA requests, or data residency requirements for your team or clients: legal@mailrecon.ai
Deployment in your own cloud account, custom SLA, or a regulated-industry conversation: enterprise@mailrecon.ai