Security

Security that is enforced, not announced

Every security property on this page is implemented in code you can run yourself: AES-256-GCM credential encryption, TOTP two-factor auth with backup codes, row-level security, and server-side permission checks.

The problem

Email tools concentrate risk

An email management tool holds the most sensitive credentials a team has. If those credentials leak — through logs, support tooling, or an over-permissive admin panel — the blast radius is every connected account.

The TELVRIX approach

Defense in the data path

TELVRIX encrypts IMAP and SMTP credentials with AES-256-GCM before they touch the database. They are excluded from logs, never cached in Redis, and not visible in any admin or support view — including to platform operators.

Access control is layered: Supabase row-level security at the database, workspace role checks on every API route, capability-gated admin routes, and an append-only event log recording who did what.

Workflow

The layers between a request and your mail

  • 01

    Authentication

    Supabase Auth sessions, with optional TOTP two-factor and single-use backup codes.

  • 02

    Row-level security

    Database policies scope every query to the requesting user’s own workspaces and mailboxes.

  • 03

    Role enforcement

    API routes verify workspace roles and admin capabilities before acting — UI state is never the gate.

  • 04

    Audit trail

    Workspace and admin events are recorded with actor, type, and timestamp, and are exportable as CSV.

Security — Acme Support

Sign-in methods

Email + password, TOTP 2FA enabled

Active

Access controls

Invite-only membership

Enforced

Activity log

Last event: member role changed, 2h ago

Compliance export

CSV export of members and audit events

Workspace security page

Capabilities

What you get.

AES-256-GCM at rest

Mailbox passwords are encrypted before storage and decrypted only at the moment of IMAP/SMTP connection.

Two-factor authentication

TOTP-based 2FA with downloadable single-use backup codes.

Session activity

Review recent sign-in activity for your account from settings.

Server-side permission checks

Workspace roles and admin capabilities are validated on every API route.

No secrets in logs

Structured logging excludes credentials, message bodies, subjects, and recipients by design.

Scoped, audited support access

Operator support sessions are explicitly activated, scoped, and recorded — and never expose credentials.

Availability: Credential encryption, 2FA, RLS, and role enforcement apply to every plan. The workspace audit log requires Business; compliance export requires Enterprise. SSO/SAML and SCIM are roadmap items — see /roadmap.
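The TOTP two-factor check with single-use backup codes described above can be sketched as follows. This is an added example, not TELVRIX code: the `SecondFactor` class, the one-step clock-skew window, the replay tracking and the hashed storage of backup codes are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, struct, time

def totp(secret, at, digits=6, step=30):
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def new_backup_codes(n=10):
    """Random backup codes, shown to the user once for download."""
    return [secrets.token_hex(5) for _ in range(n)]

class SecondFactor:
    """Hypothetical per-user 2FA state; a real service keeps this in its database."""

    def __init__(self, secret, backup_codes):
        self.secret = secret
        # Keep only hashes, so a database leak does not reveal usable codes.
        self.backup_hashes = {self._h(c) for c in backup_codes}
        self.last_step = -1  # highest time step already accepted

    @staticmethod
    def _h(code):
        return hashlib.sha256(code.encode()).hexdigest()

    def verify_totp(self, code, now=None, window=1):
        """Accept a code from the current step +/- `window`, at most once."""
        now = time.time() if now is None else now
        current = int(now) // 30
        for step in range(max(current - window, 0), current + window + 1):
            if step <= self.last_step:
                continue  # replay: this step (or a later one) was already used
            expected = totp(self.secret, step * 30).encode()
            if hmac.compare_digest(expected, code.encode()):  # constant time
                self.last_step = step
                return True
        return False

    def redeem_backup_code(self, code):
        """Backup codes are single use: burn the hash on success."""
        digest = self._h(code)
        if digest in self.backup_hashes:
            self.backup_hashes.remove(digest)
            return True
        return False
```
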

Put security to work.

TELVRIX is in closed beta. Apply for access, or sign in if you already have an invite.