Security at Velum.Works

Your email contains your most sensitive information. We treat security as our highest priority.

Our Security Principles

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your email content is never stored in plaintext.

We collect only the minimum data necessary to provide our service. Your emails are processed but never read by humans.

Our servers run in SOC 2 Type II certified data centers with 24/7 monitoring, intrusion detection, and regular security audits.

Strict role-based access controls ensure that only authorized systems can access your data. All access is logged and audited.

SOC 2 Type II

Annual third-party security audits

GDPR Compliant

Full European data protection compliance

CCPA Compliant

California Consumer Privacy Act

HIPAA Ready

Healthcare data handling capability

Email Content: Processed by our AI to provide sorting, filtering, and suggestions. Never shared with third parties or used for advertising.

OAuth Tokens: Encrypted using industry-standard Fernet encryption. Used only to sync your email on your behalf.

Account Data: Your email address and preferences are stored securely. Passwords are hashed using bcrypt with high work factors.

Payment Information: Handled entirely by Stripe. We never see or store your credit card details.

If you discover a security vulnerability, please report it responsibly. I appreciate your help in keeping Velum.Works secure.

Please include "Security Issue" in the subject line for priority handling.

Have questions about our security practices?