Security

You can trust Mailyard with your data, but cryptographically speaking you don't need to.

Zero Trust

The Zero Trust Way

Mailyard doesn't encrypt your passwords in the database, because we simply do not need access to them. We make use of key exchange protocols so that your passwords are never sent to our servers, not even during authentication, not ever.


Isolated Mode
Isolated Mode

If you are big on security, then you will need to install the Lanyard browser extension, which will store your encryption keys for you. This mode of operation protects your data in the event of breach, as attackers will have nothing to work with except for the raw encrypted data.

Coming Soon
Integrated Mode
Integrated Mode

If convenience is more your thing, you can keep encryption keys on our servers, which we encrypt with your password on the client-side (we do not have access to your passwords on our servers). You can upgrade your mailboxes to Isolated Mode at anytime.


Security Measures

Defense in depth is achieved through multiple layers of overlapping security controls.

End-to-End Encryption

Your data is encrypted using a Data Encryption Key (DEK), that's encrypted with a Key Encryption Key (KEK), that's encrypted with a key derived from your password.

Cryptographically Secure

We make use of Password-Based Key Exchange (PAKE) protocols to pass encryption keys to and from our servers, while keeping your password unknown to us.

Secure Connections

Our API servers only allow modern TLS connections, making for fast and secure connections, while being supported by all latest browser versions.

Open Source Client

The code that runs on your machine will always be open source so you can verify the security claims that we make. Check out the Mailyard repository on GitHub.

Full Anonymity

We go to great lengths not to collect any PII, we've carefully designed our database and logging processes such that we do not capture email addresses, IP addresses, names, etc.

Private Proxy

Some emails load content from external sources, which may leak information from your browser. Mailyard provides its own proxy for all such content.

Coming Soon

Threat Model

Threat Model

It is important to know that there is no such thing as 100% security, and to understand the boundaries of Mailyard's security model.

Threat Model
Compliance & Certification

Compliance & Certification

While Mailyard is still in development, we take active steps towards providing an enterprise-grade offering. See what's in store.

Compliance & Certification Status
Vulnerability Disclosure

Vulnerability Disclosure

We appreciate the efforts of the security community, and adopt a transparent approach with disclosures to keep Mailyard users secure.

Vulnerability Disclosure

Start archiving your emails today

Are you paying to keep multiple inactive mailboxes in your G Suite organization? Or perhaps you want to delete your personal Gmail mailboxes, but don't want to lose easy access to your emails.

Archive with Mailyard.

Start your 7-day free trial now

No credit card required.

Sqreen | Runtime Application Protection
Mailyard, by Tinkerbox Studios Pte Ltd © 2019