Security
Effective 1 May 2026
Security at Sektra
We handle your email data with the same care you give your most sensitive client conversations. Here is how we protect it.
Authentication
OAuth 2.0 only. We connect to Gmail via Google OAuth. We never see or store your Gmail password. You can revoke access at any time from your Google account settings.
Data Encryption
All data is encrypted in transit using TLS 1.2 or higher. All data is encrypted at rest using AES-256. This includes your email content, relationship data, and account information.
Data Access
Minimal data principle. We only store what is necessary to provide the service. Raw email content is stored securely and used only to generate relationship insights.
Data Storage
Your data is stored on AWS infrastructure in secure, access-controlled environments. We use Supabase for database services with row-level security enabled. Access to production data is restricted to authorised personnel only.
AI Processing
Email content is processed by AI models to generate insights. Content sent to AI providers is not used for model training. We use reputable providers with enterprise data protection agreements.
Account Security
Sessions are managed with short-lived tokens that expire regularly. We implement rate limiting on all API endpoints. All authentication is handled through Clerk with industry-standard security practices.
Data Deletion
When you delete your account or disconnect Gmail, all your data, including indexed emails, relationship data, and account information, is permanently deleted within 30 days. This cannot be undone.
Compliance
We comply with the Google API Services User Data Policy and Limited Use requirements.
Reporting a Vulnerability
If you discover a security vulnerability in Sektra, please report it responsibly to hello@sektra.ai. We take all security reports seriously and will respond within 48 hours.