Security & Data Subprocessors

Last updated: April 13, 2026

How we protect your data

🔒

Encryption in transit

All data is transmitted over TLS 1.2+. No unencrypted connections.

🗄️

Encrypted at rest

Database encryption using AES-256. Storage volumes are encrypted.

🔑

OAuth 2.0 only

We never store your email password. Access is via revocable OAuth tokens.

🏛️

GDPR compliant

EU data residency options, right to deletion, data portability on request.

🚫

No data selling

Your email data is never sold or shared with advertisers or third parties.

⏱️

Minimal retention

Email content cached only as needed for AI processing. Deleted on account removal.

Email access scope

Opsense requests only the minimum required Gmail/Outlook scopes:

  • gmail.readonlyRead emails for analysis
  • gmail.sendSend AI-drafted replies on your behalf
  • gmail.modifyMark emails as read/processed

You can revoke access at any time from Settings → Data & Privacy or directly from your Google Account settings.

Subprocessors

These are the third-party services we use to operate Opsense. Each has been evaluated for security and GDPR compliance.

OpenAIUnited States

AI email analysis, reply generation, task extraction

Privacy policy →
Google Cloud (GCP)EU / United States

Infrastructure hosting, Gmail API integration

Privacy policy →
VercelUnited States / EU

Application hosting and edge delivery

Privacy policy →
Neon (PostgreSQL)EU

Database hosting for user and email data

Privacy policy →
StripeUnited States / EU

Payment processing and subscription management

Privacy policy →
Google OAuthUnited States

Secure authentication and Gmail access

Privacy policy →
Microsoft OAuth (Azure AD)United States / EU

Secure authentication and Outlook/Microsoft 365 access

Privacy policy →
ResendUnited States

Transactional email delivery (notifications, password reset)

Privacy policy →
Terms of ServicePrivacy PolicyCookie Policy← Back to Opsense