Theoretically, users of SaneBox have given us the ability to access both the body and headers of their email. To ensure the privacy of our users our software does its magic by analyzing only the headers of your emails. The bodies of your emails are never downloaded to our servers, and therefore our software can’t see them. Also, the ability to access the headers of your email is limited to our servers which are securely isolated from the public Internet.
How secure is SaneBox?
SaneBox is as secure as we can possibly make it. Our systems are constantly being maintained to the highest standards and best leading practices. Also, by design our SaneBox servers do not accept inbound connections from the Internet - at all. They can only make outbound connections.
If both our database and code base were stolen or hacked into, the credentials and access to your email would still be protected with our multi-layered, banking-industry level encryption.
- And since our machines never download the body of your emails, there is never anything but the headers on our machines.
- Those headers (and all credential information) are securely deleted if you should change your mind and cancel our service.
Unless you have a private email server in your bedroom, your email is already being served from a corporate business on the Internet. Therefore you have already trusted your email with a third party, and there is a good chance they haven’t secured it as completely as we have.
What about the NSA? Can they read my emails if I use SaneBox?
Think of the NSA as being on the outside looking in and all they can see is noise of our encrypted connection to your email server when we ask to view the information about your latest email and then ask your email server to move the email.
Additionally, by default, the bodies of your email do not ever touch our servers. Only particular emails as part of our optional features SaneFwd and SaneAttachments will cause us to download the entire emails to our servers for the short amount of time necessary to either resend or re-upload. And even then, the download, resend, or upload should all be done over an encrypted tunnel.
Please see our Privacy & Security page for more information about what we have done to keep you safe.