Security & Data Subprocessors

Last updated: April 13, 2026

How we protect your data

🔒

All data is transmitted over TLS 1.2+. No unencrypted connections.

🗄️

Database encryption using AES-256. Storage volumes are encrypted.

🔑

We never store your email password. Access is via revocable OAuth tokens.

🏛️

EU data residency options, right to deletion, data portability on request.

🚫

Your email data is never sold or shared with advertisers or third parties.

⏱️

Email content cached only as needed for AI processing. Deleted on account removal.

Opsense requests only the minimum required scopes — no Gmail or Calendar API access:

Email data is read directly from Gmail's interface by the Chrome extension — no API tokens, no unverified scopes.

You can revoke access at any time from Settings → Data & Privacy or directly from your Google Account settings.

These are the third-party services we use to operate Opsense. Each has been evaluated for security and GDPR compliance.

OpenAIUnited States

AI email analysis, reply generation, task extraction

Google Cloud (GCP)EU / United States

Infrastructure hosting, Gmail API integration

VercelUnited States / EU

Application hosting and edge delivery

Neon (PostgreSQL)EU

Database hosting for user and email data

StripeUnited States / EU

Payment processing and subscription management

Google OAuthUnited States

Secure authentication and Gmail access

Microsoft OAuth (Azure AD)United States / EU

Secure authentication and Outlook/Microsoft 365 access

ResendUnited States

Transactional email delivery (notifications, password reset)