Security
EmailQo is built on the principle that you should own your infrastructure and your data. Here is exactly how we handle security.
Your AWS access keys are encrypted using AES-256 before being stored. They are never logged, never exposed in API responses, and only decrypted at the moment an email needs to be sent.
EmailQo does not store the body of emails you send. Campaign steps are stored so you can edit them, but outgoing email content is not retained after sending.
Every database table enforces row-level security. Your campaigns, contacts, domains and analytics are only accessible to your account. Nobody else can see it.
All user data is stored in Supabase, a SOC 2 Type II certified platform with automatic backups, point-in-time recovery, and encryption at rest and in transit.
All communication is encrypted over HTTPS. We enforce TLS 1.2 or higher on all connections and use HSTS to prevent downgrade attacks.
Because emails are sent through your own AWS SES account, your sending logs, bounce records and complaint data live in your AWS account. Full ownership, always.
EmailQo does not use advertising trackers or sell data to third parties. The product is ad-free. Your data is used only to operate the service.