🛡️ Trust Center
Security & Trust Center
1. Data in Transit
All communication between your browser and SphereMail is encrypted using TLS. Plain HTTP requests are automatically redirected to HTTPS. We do not serve any content or accept any data over unencrypted connections.
2. Email Content — Zero Retention
We do not store your email content. Submitted email data is processed entirely in-memory for the duration of analysis and is not written to any database, log file, or disk storage. Once analysis is complete, the content is discarded.
- Uploaded files are parsed transiently and never persisted
- AI analysis prompts are transmitted securely and not logged on our side
- Attachment file content is never sent to any external service under any circumstances
3. Threat Intelligence — Minimal Data Sharing
When enriching analysis with third-party threat intelligence, SphereMail sends only the minimum necessary security observables — never email body content, sender identity, or any personally identifiable information.
| Provider | What We Send | What We Never Send |
|---|---|---|
| VirusTotal | URLs, domain names, IP addresses, file hashes | Email body, sender address, attachment content |
| AbuseIPDB | IP addresses only | All email content |
4. Account & Credential Security
- Passwords are hashed using a strong one-way algorithm — plaintext passwords are never stored or logged
- All state-changing requests are protected against cross-site request forgery (CSRF)
- API keys and service credentials are stored server-side only and never exposed to clients
- All API endpoints enforce rate limiting to prevent abuse
5. Responsible Disclosure
We welcome good-faith security research. If you discover a vulnerability in SphereMail or any SecureSphereLabs product, please report it to us privately before any public disclosure.
Security Vulnerability Reports
Email: security@securespherelabs.com
Please include: description, reproduction steps, potential impact, and your contact information.
We commit to acknowledging reports within 48 hours and providing a resolution timeline within 7 business days.
Please include: description, reproduction steps, potential impact, and your contact information.
We commit to acknowledging reports within 48 hours and providing a resolution timeline within 7 business days.
See the full Vulnerability Disclosure Policy for scope, safe harbour, and authorised testing boundaries.
These documents were last updated on May 26, 2026. For questions, contact legal@securespherelabs.com. · Back to SphereMail
SphereMail