TELVRIX
Closed Beta

Trust & Transparency

TELVRIX is a privacy-first email client. We sync your mailboxes using your own IMAP/SMTP credentials. We don't read, analyze, or sell your email content. Here's exactly what we do — and what we don't.

Credentials encrypted

IMAP and SMTP passwords are encrypted at rest using AES-256-GCM. Never stored in plaintext.

Your data in Supabase

Message metadata and content are synced to a Supabase PostgreSQL database with row-level security.

Your servers, your mail

We connect to your mail provider using your credentials. Mail stays at your provider — we read and index it.

No cross-user access

Row-level security ensures each user's data is only readable by that user. No shared data pools.

No email analysis

We don't analyze email content for advertising. No content scanning, no behavioral profiling.

Admin privacy

Operators can see mailbox health and sync status. Message bodies and subjects are never shown in admin views.

What TELVRIX stores

When you connect a mailbox, TELVRIX syncs your emails into a hosted database so you can search, label, and manage them from any device. This database is your Supabase project — not shared with other users.

We store:

  • Message metadata (sender, subject, date, flags, folder)
  • Message body text and HTML (for display and search)
  • Attachments: names and content-types only — not the file content
  • Your IMAP/SMTP credentials, encrypted at rest
  • Labels, drafts, contacts, signatures you create

We do not store decrypted credentials anywhere. They are decrypted in memory only when making a connection.

Third-party infrastructure

TELVRIX uses the following third-party services to operate:

ServicePurposeData shared
SupabaseAuth, database, storageAll synced mail data
RedisBackground job queue (optional)Job IDs, mailbox IDs only
VercelApp hostingHTTP request data, logs

Beta limitations

TELVRIX is in closed beta. This means:

  • No SLA or guaranteed uptime
  • Data may be reset during significant schema migrations (advance notice given)
  • Not suitable for legally regulated email (HIPAA, GDPR-critical workflows) yet
  • SOC 2 and formal compliance certifications are planned, not current
Security practices →Privacy details →