Security
Your data is yours.
We take that seriously.
EmailQo is built on the principle that you should own your infrastructure and your data. Here is exactly how we handle security.
Your AWS keys, encrypted at rest
Your AWS access keys are encrypted using AES-256 before being stored. They are never logged, never exposed in API responses, and only decrypted at the moment an email needs to be sent.
No email content stored
EmailQo does not store the body of emails you send. Campaign steps are stored so you can edit them, but outgoing email content is not retained after sending.
Row-level security on all data
Every database table enforces row-level security. Your campaigns, contacts, domains and analytics are only accessible to your account. Nobody else can see it.
SOC 2 certified infrastructure
All user data is stored in Supabase, a SOC 2 Type II certified platform with automatic backups, point-in-time recovery, and encryption at rest and in transit.
HTTPS everywhere
All communication is encrypted over HTTPS. We enforce TLS 1.2 or higher on all connections and use HSTS to prevent downgrade attacks.
Your AWS account, your logs
Because emails are sent through your own AWS SES account, your sending logs, bounce records and complaint data live in your AWS account. Full ownership, always.
No advertising trackers
EmailQo does not use advertising trackers or sell data to third parties. The product is ad-free. Your data is used only to operate the service.
See also
- Privacy Policy → What we collect and how we use it.
- Terms of Service → Acceptable use, billing, and account terms.
- Setup Documentation → How AWS credentials are stored and used at send time.
- Contact → For non-security questions.