You can trust Mailyard with your data, but cryptographically speaking you don't need to.
Mailyard doesn't encrypt your passwords in the database, because we simply do not need access to them. We make use of key exchange protocols so that your passwords are never sent to our servers, not even during authentication, not ever.
If you are big on security, then you will need to install the Lanyard browser extension, which will store your encryption keys for you. This mode of operation protects your data in the event of breach, as attackers will have nothing to work with except for the raw encrypted data.Coming Soon
If convenience is more your thing, you can keep encryption keys on our servers, which we encrypt with your password on the client-side (we do not have access to your passwords on our servers). You can upgrade your mailboxes to Isolated Mode at anytime.
Defense in depth is achieved through multiple layers of overlapping security controls.
Your data is encrypted using a Data Encryption Key (DEK), that's encrypted with a Key Encryption Key (KEK), that's encrypted with a key derived from your password.
We make use of Password-Based Key Exchange (PAKE) protocols to pass encryption keys to and from our servers, while keeping your password unknown to us.
Our API servers only allow modern TLS connections, making for fast and secure connections, while being supported by all latest browser versions.
The code that runs on your machine will always be open source so you can verify the security claims that we make. Check out the Mailyard repository on GitHub.
We go to great lengths not to collect any PII, we've carefully designed our database and logging processes such that we do not capture email addresses, IP addresses, names, etc.
Some emails load content from external sources, which may leak information from your browser. Mailyard provides its own proxy for all such content.Coming Soon
It is important to know that there is no such thing as 100% security, and to understand the boundaries of Mailyard's security model.Threat Model
While Mailyard is still in development, we take active steps towards providing an enterprise-grade offering. See what's in store.Compliance & Certification Status
We appreciate the efforts of the security community, and adopt a transparent approach with disclosures to keep Mailyard users secure.Vulnerability Disclosure
Are you paying to keep multiple inactive mailboxes in your G Suite organization? Or perhaps you want to delete your personal Gmail mailboxes, but don't want to lose easy access to your emails.
Archive with Mailyard.Start your 7-day free trial now
No credit card required.