Your inbox stays yours

Supafax is built on a simple principle: read only what's needed, store nothing, never send or delete anything. Here's how it works under the hood, and the controls we're have in place.

Talk to our CTO

Private by design

Three guarantees, built in at the architecture level - not bolted on.

0 Bon disk

Zero retention

Nothing stored. Emails are processed with our AI then discarded. We never keep copies of anything on our servers.

Draft ready for review

You approve every send. Supafax drafts and organizes - but it can never send or delete emails.

End-to-end encryptedSecure channel · verified

AES-256TLS 1.3

Encrypted end-to-end. AES-256 at rest, TLS 1.3 in transit, Google-verified OAuth. Revoke access anytime from your Google account.

Works where you already work

Gmail

Outlook

Compliance is key

We're actively pursuing the certifications enterprise security teams look for. Every framework listed below is underway with an independent auditor - progress and scope available on request.

In progress

SOC 2 Type II

Annual independent audit of security, availability, and confidentiality controls.

In progress

ISO 27001

Globally recognized information security management standard.

In progress

GDPR

EU data subject rights, DPAs, and sub-processor transparency.

In progress

HIPAA

Administrative, technical, and physical safeguards for PHI in healthcare inboxes.

Your inbox stays yours

Private by design

Compliance is key

SOC 2 Type II

ISO 27001

GDPR

HIPAA

Security questions, answered

Leave inbox anxiety behind

Your inbox stays yours

Private by design

Compliance is key

SOC 2 Type II

ISO 27001

GDPR

HIPAA

Security questions, answered

How does Supafax actually label, draft, and read my mail?

What email data do you store?

Where is Supafax hosted and who can access my data?

What OAuth scopes does Supafax request?

Which AI models do you use, and do they train on my email?

How is my data encrypted?

Leave inbox anxiety behind