Security
How Mail Sorter protects your most sensitive documents at every step
Your Mail, Your Data, Our Priority
Physical mail contains some of the most sensitive information in your life — financial statements, medical records, legal documents. We built Mail Sorter from the ground up with security as a core requirement, not an afterthought. Every layer of our platform is designed to ensure your data stays private, protected, and under your control.
Encryption Everywhere
Your documents are encrypted at every stage of their journey through Mail Sorter — from the moment they leave your browser to where they rest in our secure storage.
- In transit — All connections are secured with TLS. Data traveling between your browser, our servers, and our processing pipeline is fully encrypted, so it cannot be read or tampered with by anyone who intercepts it on the network.
- At rest — Documents and database records are encrypted at rest on our private servers using industry-standard encryption.
- Secure file storage — Uploaded PDFs are stored in encrypted, access-controlled storage buckets isolated per user. Your files are never co-mingled with another user's data.
User Isolation & Access Control
Mail Sorter enforces strict data isolation so that no user can ever access another user's documents, even in the unlikely event of an application-level bug.
- Row-Level Security (RLS) — Our database enforces access policies at the row level. Every query is automatically scoped to the authenticated user, meaning the database itself rejects unauthorized access — not just the application code.
- Identity-verified routing — Your mailbox is tied to your unique, cryptographically verified user identity. The system validates that every request matches the authenticated session before serving any data.
- Isolated storage paths — Your uploaded documents are stored in a path unique to your account. There is no shared namespace between users.
Private Processing Pipeline
When you upload a document, it passes through our proprietary, private processing pipeline. Here's what that means for your security:
- No third-party data sharing — Your documents are never sent to external services for processing. Our entire OCR and AI classification pipeline runs on infrastructure we control.
- Minimal data retention — Intermediate processing artifacts are discarded after your document is fully processed. Only the final results (extracted text, metadata, and your original PDF) are retained.
- Idempotent processing — Our pipeline includes safeguards to prevent duplicate processing, ensuring your documents are handled exactly once.
Authentication & Session Security
We use modern, battle-tested authentication protocols to protect your account:
- PKCE OAuth — Google sign-in uses the Proof Key for Code Exchange flow, the most secure OAuth standard, protecting against authorization code interception attacks.
- Secure session management — Sessions are stored in HTTP-only, Secure cookies that cannot be read by client-side scripts, so a cross-site scripting (XSS) bug cannot steal your session token.
- Automatic session refresh — Sessions are refreshed server-side on every request, reducing the risk of session hijacking from stale tokens.
- Email verification — All new accounts require email verification before activation, preventing unauthorized account creation.
Upload Validation & File Security
Every file uploaded to Mail Sorter passes through multiple layers of validation before it ever touches our processing pipeline:
- File type verification — We validate MIME type, file extension, and the binary file header (magic bytes) to ensure only legitimate PDF files are accepted.
- Size limits — Individual files are capped at 10MB and batch uploads at 50MB, preventing abuse and ensuring fast processing.
- Path traversal protection — Filenames are sanitized to block directory traversal attacks. Sequences like "..", "/", and "\" are rejected.
- Subscription verification — Upload access is gated behind active subscription status, preventing unauthorized usage.
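The validation layers above, as an added illustration that is not Mail Sorter's own code: extension, declared MIME type, magic bytes, the 10MB/50MB caps, and filename sanitization are checked independently so that a single forged attribute cannot get a file through. The allowed-character policy and the SAMPLE_PDF bytes are constructed for this example.

```python
import re
from typing import List, Optional, Tuple

MAX_FILE_BYTES = 10 * 1024 * 1024    # per-file cap stated on the page: 10MB
MAX_BATCH_BYTES = 50 * 1024 * 1024   # batch cap stated on the page: 50MB
PDF_MAGIC = b"%PDF-"                 # every PDF begins with this header
# Constructed minimal sample used for testing; not a real document.
SAMPLE_PDF = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n"

def sanitize_filename(name: str) -> Optional[str]:
    """Return the name if it is safe to use as a storage key, else None."""
    if not name or len(name) > 255:
        return None
    # Reject traversal sequences and both path separators outright.
    if ".." in name or "/" in name or "\\" in name:
        return None
    # Allow only a conservative character set (assumed policy for this example).
    if not re.fullmatch(r"[A-Za-z0-9._ -]+", name):
        return None
    return name

def validate_pdf_upload(filename: str, content_type: str, data: bytes) -> List[str]:
    """Run the independent checks and return every reason for rejection (empty = accepted)."""
    problems = []
    if sanitize_filename(filename) is None:
        problems.append("unsafe filename")
    if not filename.lower().endswith(".pdf"):
        problems.append("extension is not .pdf")
    # Strip any ";charset=..." parameter before comparing the declared MIME type.
    if content_type.split(";")[0].strip().lower() != "application/pdf":
        problems.append("MIME type is not application/pdf")
    # Declared type and extension are client-controlled; the binary header is the real gate.
    if not data.startswith(PDF_MAGIC):
        problems.append("missing PDF magic bytes")
    if len(data) > MAX_FILE_BYTES:
        problems.append("file exceeds 10MB")
    return problems

def validate_batch(files: List[Tuple[str, str, bytes]]) -> dict:
    """files: (filename, content_type, data) triples. Returns {filename: problems}."""
    results = {name: validate_pdf_upload(name, ctype, data) for name, ctype, data in files}
    if sum(len(data) for _, _, data in files) > MAX_BATCH_BYTES:
        for problems in results.values():
            problems.append("batch exceeds 50MB")
    return results
```

The magic-byte check only confirms the file starts like a PDF; the downstream parser still has to treat the content as untrusted.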
Rate Limiting & Abuse Prevention
Mail Sorter employs distributed rate limiting to protect the platform and all users from abuse:
- IP-based rate limiting — Requests are throttled per IP address using sliding window counters, preventing brute force and automated attacks.
- Domain-based limits — We monitor signup rates per email domain to detect and block mass registration attempts.
- Disposable email blocking — We maintain a comprehensive blocklist of disposable and temporary email providers to prevent fraudulent signups.
- Fail-open design — Our rate limiting is designed to never block legitimate users, even if the rate limiting service itself experiences downtime.
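A sliding-window limiter with the fail-open behaviour described above, added here as an example and not Mail Sorter's own implementation. It keys on a client IP for request throttling and on the email domain for signups, and the disposable-domain blocklist entries are constructed sample values.

```python
import time
from collections import deque
from typing import Callable, Deque, Dict

# Constructed sample blocklist; a production list would be much larger.
DISPOSABLE_DOMAINS = {"tempmail.example", "throwaway.example"}

class SlidingWindowLimiter:
    """Allow at most `limit` requests per key in any `window`-second span.
    Backed by an in-memory dict here; a distributed deployment would use a shared store."""

    def __init__(self, limit: int, window: float, clock: Callable[[], float] = time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._hits: Dict[str, Deque[float]] = {}
        self.store_healthy = True  # flipped by a health check when the shared store is down

    def _timestamps(self, key: str) -> Deque[float]:
        if not self.store_healthy:
            raise ConnectionError("rate limit store unavailable")
        return self._hits.setdefault(key, deque())

    def allow(self, key: str) -> bool:
        try:
            now = self.clock()
            hits = self._timestamps(key)
            # Drop hits that have slid out of the window, then count what remains.
            while hits and now - hits[0] >= self.window:
                hits.popleft()
            if len(hits) >= self.limit:
                return False
            hits.append(now)
            return True
        except ConnectionError:
            # Fail-open: an outage of the limiter itself must not lock out legitimate
            # users. In production this branch is logged and alerted on, because it is
            # also the period during which the limits are not enforced.
            return True

def signup_allowed(email: str, limiter: SlidingWindowLimiter) -> bool:
    """Apply the disposable-domain blocklist, then the per-domain signup limit."""
    domain = email.rsplit("@", 1)[-1].lower()
    if domain in DISPOSABLE_DOMAINS:
        return False
    return limiter.allow("signup-domain:" + domain)
```

The trade-off to monitor is that every request served from the fail-open branch is unthrottled, so the outage itself is the signal to alert on.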
Audit Logging & Payment Security
Transparency and accountability are built into every administrative action and financial transaction:
- Administrative audit trail — Every administrative action (account modifications, access grants, data deletions) is logged with the admin's identity, timestamp, and action details.
- PCI-compliant payments — We never store your credit card information. All payment processing is handled through Stripe, a PCI DSS Level 1 certified payment processor.
- Webhook signature verification — All incoming webhooks from payment and integration partners are cryptographically verified using HMAC signatures before processing, preventing spoofed or tampered requests.
- Idempotent event processing — Financial events are tracked by unique identifiers to prevent duplicate charges or missed updates, even during network disruptions.
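Webhook signature verification and idempotent event handling together, as an added example rather than Mail Sorter's or Stripe's code. The signature scheme (HMAC-SHA256 over "timestamp.body"), the X-Timestamp and X-Signature header names and the 5-minute replay window are assumptions for this illustration, not any provider's real format.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

TOLERANCE_SECONDS = 300  # assumed replay window: reject signatures older than 5 minutes

def sign_payload(secret: bytes, timestamp: int, payload: bytes) -> str:
    """HMAC-SHA256 over "<timestamp>.<payload>" (scheme assumed for this example)."""
    message = str(timestamp).encode() + b"." + payload
    return hmac.new(secret, message, hashlib.sha256).hexdigest()

def make_signed_request(secret: bytes, event: dict, timestamp: int) -> Tuple[Dict[str, str], bytes]:
    """Sender side: build the body and the (assumed) signature headers for a test."""
    body = json.dumps(event, separators=(",", ":")).encode()
    headers = {"X-Timestamp": str(timestamp), "X-Signature": sign_payload(secret, timestamp, body)}
    return headers, body

class WebhookProcessor:
    """Receiver side: verify, then apply each event exactly once."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.seen_event_ids = set()  # production: a unique-constrained table, checked in the same txn
        self.applied = []            # event types that were actually acted on

    def handle(self, headers: Dict[str, str], payload: bytes, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        try:
            timestamp = int(headers["X-Timestamp"])
            signature = headers["X-Signature"]
        except (KeyError, ValueError):
            return "rejected: missing signature"
        if abs(now - timestamp) > TOLERANCE_SECONDS:
            return "rejected: stale timestamp"
        # Constant-time compare so a timing side channel cannot leak the expected digest.
        if not hmac.compare_digest(sign_payload(self.secret, timestamp, payload), signature):
            return "rejected: bad signature"
        event = json.loads(payload)  # parse only after the signature is verified
        if event["id"] in self.seen_event_ids:
            return "duplicate: already processed"  # a retry after a network blip
        self.seen_event_ids.add(event["id"])
        self.applied.append(event["type"])
        return "processed"
```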
Data Deletion & Your Rights
You have full control over your data. When you request account deletion:
- All stored documents are permanently removed from our file storage
- All database records associated with your account are deleted
- Active subscriptions are canceled immediately
- Authentication credentials are purged from our systems
Deletion is thorough and irreversible — we do not retain backups of deleted user data. For more information about your data rights, see our Privacy Policy.
Questions About Security?
If you have questions about our security practices or want to report a vulnerability, please contact our security team at security@themailsorter.com.