Our Security Approach

NeuroMail takes security seriously. We implement industry-standard practices to protect your data and ensure platform stability.

Security Measures

Email Delivery Security

AWS SES Integration

We use Amazon SES (Simple Email Service) for sending emails. This provides:

• Enterprise-grade infrastructure
• DKIM and SPF authentication for email verification
• Spam and virus filtering
• High deliverability rates
• Compliance with email best practices

Tracking & Privacy

Email tracking features:

• Open tracking: Uses a small transparent pixel
• Click tracking: Links are wrapped to measure engagement
• Unsubscribe links: Required in every email for recipient privacy

Application Security

Code Security

• SQL Injection Prevention: All database queries use parameterized statements
• XSS Protection: User input is sanitized and output is properly encoded
• CSRF Protection: All forms include CSRF tokens
• Input Validation: All user input is validated server-side

Content Filtering

NeuroMail automatically filters dangerous content:

• Spam trigger words and patterns
• Adult and explicit content (coming soon)
• Known malicious links
• Phishing attempts

Data Privacy

Data Isolation

Your data is completely isolated:

• Each account's data is separate
• No user can access another user's information
• Database queries are scoped to your account only

We Never Sell Data

We never sell or share your contact lists or campaign data with third parties. Your data is yours.

Third-Party Services

We only share data with services necessary to run NeuroMail:

• AWS SES: For email delivery
• Google Gemini: For AI content generation (no personal data shared)
• Paddle: For secure payment processing

Coming Soon: Two-Factor Authentication

We're adding two-factor authentication (2FA) to provide an extra layer of security for your account. With 2FA enabled:

• You'll need both your password AND a code from your phone to log in
• Even if someone steals your password, they can't access your account
• Optional but strongly recommended for all users

Best Practices for Users

Protect Your Account

• Strong Password: Use 12+ characters with letters, numbers, and symbols
• Unique Password: Don't reuse passwords from other sites
• Don't Share: Never share your password or API key
• Log Out: Always log out on shared computers
• Monitor Activity: Check your sent campaigns regularly

API Key Security

• Never commit API keys to public repositories (GitHub, etc.)
• Store API keys in environment variables, not in code
• Regenerate keys if you think they're compromised
• Don't share API keys in emails or messages

Reporting Security Issues

Found a security vulnerability? We appreciate responsible disclosure:

• Email: emailengine2026@gmail.com
• Include detailed steps to reproduce the issue
• Allow us 48 hours for initial response
• Don't publicly disclose until we've fixed the issue

We take security reports seriously and will respond quickly.

Security Breach Protocol

In the unlikely event of a security breach:

• We'll notify affected users within 72 hours
• We'll explain what happened and what data was affected
• We'll take immediate steps to fix the issue
• We'll implement additional measures to prevent recurrence

Platform Updates

We continuously improve security:

• Regular security patches and updates
• Monitoring for new vulnerabilities
• Keeping all dependencies up to date
• Testing new features for security issues before release

Limitations

While we take security seriously, no system is 100% secure:

• Use strong passwords and keep them private
• Keep your devices and software updated
• Be cautious of phishing attempts (we'll never ask for your password via email)
• Back up important data

Questions?

Have security questions or concerns?

• Security issues: emailengine2026@gmail.com
• General support: emailengine2026@gmail.com