Security & privacy
How Mailhopper protects your mail: AES-256-GCM credential encryption, TLS-only connections, per-account isolation, EU hosting, and no AI training or ad tracking.
Your mail is only ever yours. Mailhopper is built to keep it that way, from the credential vault to the servers your data runs on.
How your credentials are stored
When you connect an account, Mailhopper needs its app password or OAuth token to reach your mailbox. That secret is encrypted with AES-256-GCM before it ever touches disk.
The key that decrypts it lives only on Mailhopper's server, never in the database and never in the app's code. So even with a copy of the database, the stored secret is unreadable: it is kept as ciphertext, a nonce, and an authentication tag, in a table the rest of the app can't read.
The credential vault is isolated at the database level and isn't exposed to the app's data layer at all. No browser request can reach it, only the server-side code that needs to open a connection to your mailbox.
Encrypted on every connection
Mailhopper reaches your providers over IMAP and SMTP with TLS only and no plaintext fallback, so your mail is protected on the wire every time it moves between Mailhopper and your mailbox. The app itself is served over HTTPS.
Walled off to your account
Every record in Mailhopper is tied to your signed-in session by database-level rules, so one account can never read another's mail. Your credentials are locked down further still, in the isolated vault the data layer doesn't touch.
Hardened against abuse
Where your data lives
Mailhopper runs entirely in the EU: your data is stored in Frankfurt and the app runs in Nuremberg, both in Germany. It's built to line up with GDPR, and Standard Contractual Clauses cover any transfer abroad.
What we never do with your mail
Audited dependencies
Mailhopper's third-party dependencies are audited for known vulnerabilities and kept up to date, so the code you rely on stays clear of components with published security issues.
You stay in control
Disconnecting a Gmail account automatically revokes Mailhopper's access at Google, so no grant is left behind. Removing any account deletes Mailhopper's local copy only; your mailbox is never touched. You can close your whole account at any time under Settings → Delete account.
Disconnecting an account never changes anything in your mailbox. To close your Mailhopper account and billing, see Plans & billing.
At a glance
| Area | What Mailhopper does |
|---|---|
| Encryption at rest | AES-256-GCM, key held apart from the data |
| Encryption in transit | TLS only, no plaintext fallback |
| Account isolation | Database-level rules, scoped to your session |
| Password reset links | Expire within the hour |
| Brute-force & API abuse | Rate limited per IP |
| Clickjacking & sniffing | Blocked by strict headers |
| Data residency | EU · Germany |
| Mail used to train AI | Never |
| Sold or shared for ads | Never |
| Dependency audits | Run regularly, kept clean |
| Google access after disconnect | Revoked automatically |
| Disconnect & delete account | Anytime |
