Built so we can't read it.
Security isn't a layer we add on top — it's the shape of the product. Here's how your mail is protected, and how to tell us if you find a hole.
Last updated 1 June 2026
1Encryption
- End-to-end by default. Messages are encrypted with OpenPGP — sealed on your device, opened on the recipient's.
- Keys stay with you. Your private keys are generated and kept on your device. We never receive them.
- Ciphertext at rest. What lands on our servers is unreadable to us. There is no master key.
- Encrypted in transit. All connections use modern TLS, with opportunistic and enforced transport encryption for mail wherever the other side supports it.
2What our servers actually see
Ciphertext, an email address, and the technical minimum needed to route and deliver mail. No readable message bodies, no advertising profile, no log of who you write to. Because we don't hold the keys, a breach of our storage exposes encrypted blobs, not your correspondence.
3Account protection
- Passwordless sign-in by secure, single-use email links — nothing to phish or reuse.
- Tracking pixels and remote beacons are stripped from inbound mail before it reaches you.
- Rate limiting and abuse detection on authentication and sending, to protect you and the platform.
4How we operate
We keep the attack surface small on purpose: minimal data collected, minimal third parties involved, and infrastructure providers who only ever handle encrypted data on our instructions. Access to production systems is limited, logged, and reviewed. We patch promptly and prefer boring, well-understood technology over novelty.
5Responsible disclosure
If you've found a vulnerability, we want to hear from you — and we'll treat you well for telling us. Email security@posthush.com with enough detail to reproduce the issue. Please give us reasonable time to fix it before going public, and don't access or modify other people's data while testing.
We aim to acknowledge reports within two business days, keep you updated as we work, and credit researchers who'd like to be named once a fix has shipped. Acting in good faith under this policy, you won't face legal action from us.
6Encrypted reports
Prefer to send sensitive findings encrypted? Email security@posthush.com and ask for our current PGP public key — we'll share it before you send any details.
In scope
Our web app, marketing site, mail handling, and account systems. Out of scope: volumetric denial-of-service, social engineering of our staff, and reports that require a user to disable their own protections. When in doubt, ask first.