Security

Built on a quiet, encrypted foundation.

Zer0 Email handles your inbox — that means we take encryption, transport security, and third-party audits seriously. Verify everything below for yourself.

Trust signals

SSL / TLS
A+
Verified

TLS 1.3 with forward secrecy and post-quantum key exchange (X25519MLKEM768).

Verified by SSL Labs
Security Headers
A+
Verified

HSTS preload, CSP, and frame protection headers enforced at the edge.

Verified by Mozilla Observatory
CASA Tier 2
In progress
In progress

Independent security audit required for Google API restricted scopes.

Verified by Cloud Application Security Assessment

How we protect your inbox

Encryption in transit

All traffic is served over TLS 1.3. HSTS is enforced with a 2-year max-age and includeSubDomains.

OAuth-only Gmail access

We never see your Google password. Tokens are scoped, refreshable, and revocable from your Google account at any time.

Minimal data retention

Email content is processed in memory for AI tasks. We store metadata required for rules and digests, not full message bodies.

No training on your data

Your email is never used to train models — ours or any third-party provider's.

Reporting a vulnerability

If you believe you've found a security issue, we'd like to hear from you. Email us with reproduction steps and we'll acknowledge within 48 hours.

support@poppushai.com