Security at Velum.Works

Your email contains your most sensitive information. We treat security as our highest priority.

Our Security Principles

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256. Your email content is never stored in plaintext.

Privacy by Design

We collect only the minimum data necessary to provide our service. Your emails are processed but never read by humans.

Secure Infrastructure

Our servers run in reputable cloud data centers (Oracle Cloud Infrastructure) with automatic HTTPS, network monitoring, and regular security reviews.

Access Controls

Strict role-based access controls ensure that only authorized systems can access your data. All access is logged and audited.

Privacy & Data Protection

GDPR & CCPA Data Rights
Export or delete your data on request
Encrypted Credentials
OAuth tokens encrypted at rest (Fernet)
No Data Sales
We never sell your data or use it for ads
SOC 2-Aligned Controls
We follow SOC 2 practices (formal certification is on our roadmap)

How We Handle Your Data

Email Content: Processed by AI (Meta Llama 3.1 on Cloudflare Workers AI by default, or your own provider if you connect one) to provide sorting, filtering, and draft suggestions. We send only the content needed to categorize an email, and never sell it or use it for advertising.

OAuth Tokens: Encrypted using industry-standard Fernet encryption. Used only to sync your email on your behalf.

Account Data: Your email address and preferences are stored securely. Passwords are hashed using bcrypt with high work factors.

Payment Information: Handled entirely by Stripe. We never see or store your credit card details.

Report a Security Issue

If you discover a security vulnerability, please report it responsibly. I appreciate your help in keeping Velum.Works secure.

support@velum.works

Please include "Security Issue" in the subject line for priority handling.

Have questions about our security practices?

Contact Us