· Account & Billing

Security

Two-factor authentication, credential encryption, access controls, and the audit log.

This page covers the security controls available to you as a user. For the platform-level security architecture, see the Trust & Security pages.

Two-factor authentication

1. 01Enable TOTPIn Settings → Security, enable two-factor authentication and scan the QR code with an authenticator app.
2. 02Save backup codesDownload your single-use backup codes and store them somewhere safe. Each code works once if you lose your authenticator.
3. 03Review activityThe security tab also shows recent sign-in activity for your account.

How your credentials are protected

• —Mailbox IMAP/SMTP passwords are encrypted with AES-256-GCM before storage.
• —Credentials never appear in logs, Redis, admin views, or support tooling.
• —Database row-level security scopes every query to your own workspaces and mailboxes.
• —Workspace role permissions are enforced server-side on every API route.

Workspace audit log

On Business and Enterprise plans, workspace events — invitations, role changes, member removal, mailbox changes — are recorded with actor and timestamp. Owners and admins can browse the trail with filters and export it as CSV (export requires Enterprise).

Support access

If platform support investigates an issue with your account, the support session is explicitly activated, scoped, and recorded. Support tooling cannot read your message bodies or credentials.