email·digit
Trust posture

The things you can't audit.
Documented anyway.

Email Digit handles your contacts, your replies, your sending domain's DKIM keys — material that should not be given lightly. This page is the catalog of what we do to deserve that trust.

AES-256
At rest + extra layer for sensitive fields
TLS 1.3
In transit Minimum, enforced
Encrypted
DKIM keys At rest · hardware-backed roadmap
99.97%
Sending uptime targetTrailing 30 days (private beta)
01 · Encryption

Encrypted in transit and at rest.

Every connection uses TLS 1.3 or better — older versions are rejected. At rest, all data is encrypted with AES-256. Sensitive fields (contact PII, signing keys, OAuth tokens) carry an additional layer of encryption, keyed per workspace, so a database compromise alone doesn't yield decryptable values.

  • DatabaseEncrypted + isolated
    AES-256 at rest, with an extra layer of encryption on PII, OAuth tokens, and signing keys. Strict per-workspace isolation — one workspace can never read another's data.
  • Object storage Q3 2026
    Encrypted at rest. Access via short-lived signed URLs only. No public buckets.
  • DKIM keysEncrypted at rest
    Per-workspace signing keys, encrypted at rest. Hardware-backed signing is on the roadmap.
  • OAuth tokens(Gmail · MS Graph)
    Encrypted per workspace. Refresh rotated on schedule and on any anomaly detection.
  • BackupsPoint-in-time
    Point-in-time recovery covering the last 30 days. Restore tested monthly. RPO 5 min · RTO 1 hour for the primary database.
02 · Access control

Least privilege.
Logged. Reviewed.

Every production access — by us or by automation — is authenticated, authorized, and recorded. No shared service accounts. No bastion-less SSH.

  • 2FAOptional today · required for admin roadmap
    TOTP via authenticator app. WebAuthn is Q4 2026. Phone-SMS 2FA is not accepted.
  • RBACFive roles
    Owner · Admin · Editor · Sender · Viewer. Permissions are workspace-scoped. Owner role limited to one user; transferable, never duplicated.
  • SSOSAML & OIDC Q4 2026
    Will be available on Enterprise. Just-in-time provisioning. SCIM 2.0 for deprovisioning.
  • Production accessAuthenticated · logged
    Least-privilege production access only, authenticated per person. Every session is recorded to an audit log.
  • Audit logAppend-only
    Every administrative action emits an audit record (actor · action · target · IP · payload). Retained 7 years on Pro and above.
03 · Compliance commitments

What we promise, with status.

We don't claim certifications we haven't earned. The list below distinguishes active commitments from items in progress.

ACTIVE

GDPR + UK GDPR

DPA available on request. Right-to-delete cascade through every system. 72-hour breach notification.

ACTIVE

CCPA / CPRA

Consumer requests honored in <15 days. Sale-of-data: we don't sell data, ever.

ACTIVE

CAN-SPAM + CASL

Physical sender address surfaced on every campaign. Unsubscribe within 1 hour. Consent provenance tracked.

ACTIVE

Gmail / Yahoo bulk sender

RFC 8058 one-click unsubscribe. Complaint rate <0.3% enforced. Authentication alignment.

ACTIVE

Microsoft Outlook bulk sender

Same requirements as Gmail/Yahoo; same controls.

IN PROGRESS

India DPDP Act

Notice + consent framework underway. India-resident data will be stored in an India region once provisioned.

IN PROGRESS

SOC 2 Type II

Readiness phase underway. External audit and certification slated for Q2 2027 (year 2).

IN PROGRESS

ISO 27001

Started after SOC 2 audit. Targeted Q4 2027.

04 · Sub-processors

Every vendor, documented — in the DPA.

We run on a small set of established infrastructure, email, and AI sub-processors. The complete, current list — each vendor's purpose, region, and the data it touches — is part of our DPA and shared on request under NDA. Material changes are notified 30 days in advance, and you can object.

  • Categories
    Cloud hosting & database, email delivery, DNS, payments, and AI reply-classification — all established vendors under signed DPAs.
  • AI processing
    Reply classification runs on PII-redacted prompts. We don't sell your data and don't use it to train shared models; any model improvement is opt-in, anonymized, and never crosses workspaces.
  • Get the list
    Request the full sub-processor list with the DPA at info@emaildigit.com.
05 · Data residency

Pinned to your billing region.

Today: US is our primary region. EU and India are Q4 2026. Cross-region replication is opt-in per workspace, not default.

  • US customers
    Data stored in the United States. Backups held in a separate US region.
  • EU customers Q4 2026
    Will be stored in the EU (Ireland). SCCs + DPA in place for any sub-processor that touches EU data.
  • India customers Q4 2026
    Will be stored in India (Mumbai). DPDP-compliant cross-border consent required for any replication outside.
06 · Incident response

What we do when something breaks.

Defined severities, defined response windows, public postmortems. We don't believe in marketing-language status pages.

  • Sev-1Critical
    Sending pipeline down · data layer down · security breach. Page immediately · status page updated within 15 min · postmortem within 24h of resolution.
  • Sev-2Major degradation
    Backend degraded · elevated error rate · single-tenant impact. Investigate within 1 hour during business hours.
  • Sev-3Limited impact
    Workspace-specific issue · minor regression. Ticket within 4 hours.
  • RPO · RTORecovery targets
    Primary database: RPO 5 min · RTO 1 hour via point-in-time recovery. Object storage Q3 2026.
  • Status pagestatus.emaildigit.com Q3 2026
    Real-time component health · 90-day uptime history · subscription via email/SMS/webhook.
07 · Vulnerability disclosure

Found something? Tell us.

We respect good-faith research. If you've discovered a vulnerability in Email Digit, please report it through one of the channels below. We commit to acknowledge within 48 hours and to publish a fix or remediation plan within 14 days for confirmed issues.

  • Primary contact
    info@emaildigit.com — PGP key available on request.
  • Bug bounty
    Formal program launching with year 2. In the meantime, meaningful disclosures are rewarded individually — we'll work it out with you directly.
  • Scope
    All *.emaildigit.com, the public REST API, the SDKs once released. Out of scope: rate-limiting on free public tools, social engineering, third-party tooling we don't control.
  • Safe harbor
    We will not pursue legal action against researchers who follow this policy in good faith. Specifically: no testing against other customers' workspaces, no DoS, no data exfiltration beyond proof of access.
08 · Privacy policy

What we collect, why, and what we never do.

Email Digit collects exactly the data needed to send your messages and route your replies. We don't sell data. We don't share data with advertisers. The full policy is a separate document, but the short version: your customer list is your customer list, and it doesn't leave your workspace.

Read the full privacy policy →

09 · Terms of service

Plain-language terms.

Month-to-month on Free / Starter / Pro / Business. Cancel anytime. Export your data anytime. Enterprise has a standard 12-month term. We charge in your local currency where supported and never auto-upgrade you to a higher tier without explicit confirmation.

Read the full terms →

10 · Acceptable use policy

What we will not let you do.

Prohibited: spam, phishing, malware distribution, sending without consent, illegal content, complaint-rate violations. We do allow cold B2B outbound with proper warmup, relevant targeting, and honored unsubscribes. We do not allow cold B2C outbound. Complaint thresholds: 0.2% generates a warning, 0.4% suspends sending pending review.

Read the full AUP →

11 · Data processing addendum

For your legal team.

Our DPA is GDPR-compliant, signed counter-signed by default for any Pro+ customer who needs one, and includes Standard Contractual Clauses for EU↔US transfers. Sub-processor list is referenced and updated monthly.

Download the DPA (PDF) →

Talk to security

Questions your
legal team has?

For audit packets, custom DPA negotiation, or pre-purchase security reviews — reach out directly. We've answered enough of these to do it quickly.