All features

Security & compliance

Sensible security, on by default.

Incoming emails are rendered in a locked-down sandbox so a malicious message can’t tamper with the app. Rate limits, a strict browser security policy, encrypted secrets, and a full audit trail all come standard.

9 total 9 shipping

  • Rate limiting

    Shipping

    Built-in limits stop abuse and brute-force attempts, and hold steady across restarts.

  • Request forgery protection

    Shipping

    Standard protection against cross-site request forgery on every session-based action.

  • Locked-down by default

    Shipping

    A strict browser security policy and enforced HTTPS in production.

  • Safe file uploads

    Shipping

    Uploads are checked by type and blocked if risky, with size limits (smaller for guests).

  • Encrypted secrets

    Shipping

    Sensitive secrets like two-factor keys are encrypted in the database.

  • Security activity log

    Shipping

    A record of sign-ins, two-factor changes, password resets, and invitations.

  • Trusted plugins only

    Shipping

    No plugin installs unless it’s properly signed and trusted.

  • Sandboxed email rendering

    Shipping

    Incoming HTML email is shown in a fully sealed sandbox that can’t run scripts or touch the app.

  • Audit log

    Shipping

    A record of who created, changed, or deleted what, with sensitive fields redacted and a read-only role for auditors.

Previous Backup & restore

Want to see it in action?

Self-host the v1 image today, or browse the rest of the catalogue.

Self-host v1 All features