Security & Data Handling

Last updated: March 1, 2026

We believe you deserve full transparency about what happens to your data when you use Mail Zero. This page provides a plain-language explanation of our architecture, security measures, and the choices we've made to protect your privacy.

How Your Data Flows

Here is exactly what happens when you upload a file:

  1. Upload – Your file is sent to our server over an encrypted HTTPS connection. The data is encrypted in transit and cannot be intercepted.
  2. In-memory processing – The file is held in server RAM only. It is never written to disk, never stored in a database, and never logged.
  3. Metadata extraction – We parse only email headers: sender (From), date, and Gmail labels. We do not read email bodies, subjects, or attachments.
  4. Analytics – Statistics are computed from the extracted metadata (top senders, domains, volume trends, etc.).
  5. Response – The analytics results are returned to your browser. The uploaded file and all parsed data are immediately released from memory.
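
The header-only extraction described in steps 2 to 4 can be sketched as follows. This is an added example, not Mail Zero's own code; the function names are hypothetical, and it assumes a standard mbox with "From " separator lines, escaped body lines, and the X-Gmail-Labels header that Google Takeout exports use.

```python
import io
from collections import Counter
from email.parser import BytesHeaderParser
from email.utils import parseaddr

WANTED = (b"from:", b"date:", b"x-gmail-labels:")  # assumed header names

def iter_header_blocks(stream):
    """Yield only the wanted header lines of each message; bodies are skipped."""
    kept, in_headers, keeping = None, False, False
    for line in stream:
        if line.startswith(b"From "):          # mbox separator: new message
            if kept is not None:
                yield b"".join(kept)
            kept, in_headers, keeping = [], True, False
        elif in_headers and line in (b"\n", b"\r\n"):
            in_headers = False                 # blank line: body starts, ignore it
        elif in_headers:
            # A folded continuation line inherits the decision made for its header.
            if line[:1] not in (b" ", b"\t"):
                keeping = line.lower().startswith(WANTED)
            if keeping:
                kept.append(line)
    if kept is not None:
        yield b"".join(kept)

def extract_metadata(stream):
    """Parse the kept header lines into sender, date and label list."""
    for raw in iter_header_blocks(stream):
        msg = BytesHeaderParser().parsebytes(raw)
        labels = str(msg.get("X-Gmail-Labels", ""))
        yield {"sender": parseaddr(str(msg.get("From", "")))[1].lower(),
               "date": str(msg.get("Date", "")),
               "labels": [p.strip() for p in labels.split(",") if p.strip()]}

def top_senders(stream, n=3):
    return Counter(m["sender"] for m in extract_metadata(stream)).most_common(n)

# Constructed sample: the first message's body carries a decoy "From:" line.
SAMPLE_MBOX = (
    b"From 1@xxx Mon Jan 05 10:00:00 +0000 2026\n"
    b"X-Gmail-Labels: Inbox,Promotions\nFrom: Shop News <news@shop.example>\n"
    b"Date: Mon, 05 Jan 2026 10:00:00 +0000\nSubject: dropped before parsing\n"
    b"\nFrom: spoof@body.example\n\n"
    b"From 2@xxx Tue Jan 06 09:30:00 +0000 2026\n"
    b"From: news@shop.example\nDate: Tue, 06 Jan 2026 09:30:00 +0000\n\nhello\n"
)

if __name__ == "__main__":
    print(top_senders(io.BytesIO(SAMPLE_MBOX)))
```

Subject lines and body lines are discarded as they stream past, so only the three wanted headers ever reach the parser.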

What We Collect

Data                      Collected?                Stored?
Email sender (From)       Temporarily, in memory    No
Email date                Temporarily, in memory    No
Gmail labels              Temporarily, in memory    No
Email body / content      No                        No
Attachments               No                        No
Your identity / account   No                        No
Cookies / trackers        No                        No

Security Measures

Encryption in Transit

All traffic to and from getmailzero.com is encrypted using TLS (HTTPS). This is enforced by our hosting provider, Render, on all connections. Your file upload cannot be intercepted by third parties.

No Persistent Storage

This is our strongest security property. We have no database, no file storage, and no logging of uploaded data. There is nothing to breach because there is nothing stored. A data breach of stored email data is architecturally impossible.

File Validation

We validate uploaded files on both the client and server side. Only .mbox and .zip files are accepted, with a maximum file size of 500 MB.

Stateless Architecture

Each request is fully independent. There are no user sessions, no cookies, and no server-side state that persists between requests. When the server instance restarts (which happens regularly on our hosting platform), all memory is wiped clean.

Infrastructure

Mail Zero is hosted on Render, a cloud platform that provides:

  • Automatic HTTPS/TLS on all endpoints
  • DDoS protection
  • Isolated container environments
  • Regular security patches and infrastructure updates

What We Don't Do

  • We do not read your email content
  • We do not store your data anywhere
  • We do not sell or share your data with anyone
  • We do not require an account or login
  • We do not set cookies
  • We do not retain server logs of your uploaded data

Website Analytics

We use Umami Cloud, a privacy-focused analytics service, to understand how the site is used (e.g. page views and which pages are visited). Umami does not use cookies, does not collect personal data, and does not track you across other sites. We use this only to improve the product. For more detail, see our Privacy Policy.

Known Limitations

In the interest of transparency, here are limitations of our current security posture:

  • The full .mbox or .zip file transits our server during processing. While we only extract metadata, the complete file is temporarily in server memory.
  • We rely on our hosting provider (Render) for infrastructure-level security, including network isolation and TLS termination.
  • Server access logs (IP address, timestamp) are managed by our hosting provider and are outside our direct control.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly by emailing security@getmailzero.com. We will acknowledge receipt within 48 hours and work to address the issue promptly.

Questions?

If you have questions about our security practices, please reach out at hello@getmailzero.com.