Security at Sendora

Security is not a feature.
It's our foundation.

At Sendora, security is not a checkbox or a marketing claim — it is the architectural bedrock upon which every component of our platform is constructed. This page provides a transparent, comprehensive account of the technical and organisational security measures that protect your communications and data.

Argon2id Password Hashing
TLS 1.3 Transport Encryption
FIDO2 Passkey Standard
Zero Ads or Data Sales

Overview

A defence-in-depth architecture designed to protect you at every layer.

Sendora's security architecture is built on the principle of defence-in-depth — the deliberate application of multiple, independent layers of protection such that the failure of any single control does not result in a catastrophic breach. This approach reflects a mature understanding of the adversarial landscape in which a modern email service operates, and a commitment to ensuring that your communications remain private and secure regardless of the attack vector an adversary may attempt to exploit.

Every component of the Sendora platform — from the authentication layer and the database schema to the email routing pipeline and the client-side rendering engine — has been designed with security as a non-negotiable constraint, not an afterthought. Security reviews are conducted as an integral part of every development cycle, not as a periodic compliance exercise.

We believe that genuine security requires transparency. This page documents, in precise technical detail, the controls we have implemented on your behalf. We do not make unverifiable claims — every security measure described here is an operational reality of our platform, not an aspirational statement.

Security by Design

Core Principle

Security requirements are established before implementation begins. Every feature is threat-modelled and reviewed before deployment.

Least Privilege Access

Active

Every internal system, service account, and personnel role operates with the minimum permissions required to perform its function — nothing more.

Continuous Monitoring

24/7

Infrastructure, authentication events, and anomalous access patterns are monitored in real time, with automated alerting for suspicious activity.

Transparent Disclosure

Open Policy

We maintain a responsible disclosure programme and are committed to communicating security incidents to affected users with honesty and without delay.

Data Security & Encryption

Your data is encrypted, hashed, and protected at every stage of its lifecycle.

Sendora applies cryptographic protection to sensitive data both in transit and at rest, using algorithms and protocols that represent the current state of the art in applied cryptography — not the minimum standard required for regulatory compliance.

Password Storage

Argon2id

Active

Sendora uses Argon2id — the winner of the Password Hashing Competition and the algorithm recommended by OWASP — for all password storage. Argon2id is a memory-hard function, meaning that brute-force attacks using GPU clusters or specialised ASICs are computationally prohibitive even with significant hardware resources. Passwords are never stored in plaintext, in reversible form, or using deprecated algorithms such as MD5, SHA-1, or bcrypt alone.

Transport Encryption

TLS 1.3

Active

All communication between client browsers and Sendora's servers is encrypted using TLS 1.3 — the latest version of the Transport Layer Security protocol — with strong cipher suites and perfect forward secrecy (PFS). PFS ensures that even if a server's private key were compromised in the future, previously recorded sessions could not be decrypted. TLS 1.0 and 1.1 are explicitly disabled on all Sendora endpoints.

Session Tokens

Cryptographic PRNG

Active

Session tokens issued upon authentication are generated using a cryptographically secure pseudo-random number generator (CSPRNG), rendering them statistically immune to prediction or enumeration attacks. Tokens are stored server-side and are invalidated immediately upon logout, session expiry, or manual revocation. Each token is scoped to a specific device and IP range to limit portability.
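The token lifecycle described above, sketched as an added example; this is not Sendora's code. The `SessionStore` class, the 30-minute idle timeout and the device label are assumptions made for illustration. The table keeps only a SHA-256 digest of each token, so a copy of it cannot be replayed as a session.

```python
import hashlib
import secrets


class SessionStore:
    """Server-side session table that never holds a usable token (hypothetical)."""

    def __init__(self, idle_timeout_s: int = 1800):  # assumed 30-minute timeout
        self.idle_timeout_s = idle_timeout_s
        self._rows = {}  # sha256(token) hex -> {"account", "device", "last_seen"}

    @staticmethod
    def _digest(token: str) -> str:
        # Tokens carry 256 bits of CSPRNG output, so a plain fast hash is
        # sufficient: there is no small input space to enumerate.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, account: str, device: str, now: float) -> str:
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._rows[self._digest(token)] = {
            "account": account, "device": device, "last_seen": now}
        return token  # handed to the client once; only the digest is kept

    def validate(self, token: str, device: str, now: float):
        key = self._digest(token)
        row = self._rows.get(key)
        if row is None:
            return None  # unknown, revoked or already expired
        idle = now - row["last_seen"]
        if idle > self.idle_timeout_s or row["device"] != device:
            del self._rows[key]  # expired, or presented from another device
            return None
        row["last_seen"] = now
        return row["account"]

    def revoke(self, token: str) -> bool:
        # Logout and manual revocation both delete the row immediately.
        return self._rows.pop(self._digest(token), None) is not None

    def rotate(self, token: str, device: str, now: float):
        # On re-authentication the old token dies and a fresh one is issued.
        account = self.validate(token, device, now)
        if account is None:
            return None
        self.revoke(token)
        return self.issue(account, device, now)
```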

Email Alias Routing

Cryptographic Derivation

Active

Anonymous Sending aliases and Temporary Inbox addresses are derived using a deterministic cryptographic function keyed to your account — not stored as plaintext mappings. This architectural choice ensures that even a complete disclosure of the alias routing table would not reveal the identity of the account holder without possession of the cryptographic key.
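One possible construction of a keyed, deterministic alias derivation, added here as an illustration; it is not Sendora's implementation, and the page does not say which function is used. The HMAC-SHA256 choice, the label strings, the `example.test` domain and every function name are assumptions. The routing table maps each alias to an opaque mailbox tag, so its rows cannot be linked to an account without the master key.

```python
import base64
import hashlib
import hmac

# Constructed demo key; a real deployment would hold this in a secret manager.
DEMO_MASTER_KEY = b"constructed-demo-master-key-0001"


def _prf(key: bytes, label: str) -> bytes:
    """HMAC-SHA256 used as the keyed deterministic function (assumed choice)."""
    return hmac.new(key, label.encode("utf-8"), hashlib.sha256).digest()


def account_key(master_key: bytes, account_id: str) -> bytes:
    """Per-account key, separated from every other account's key."""
    return _prf(master_key, "acct-v1|" + account_id)


def derive_alias(acct_key: bytes, index: int, domain: str = "example.test") -> str:
    """The n-th alias of an account: 80 bits of PRF output, base32-encoded."""
    local = base64.b32encode(_prf(acct_key, f"alias-v1|{index}")[:10])
    return f"{local.decode('ascii').lower()}@{domain}"


def mailbox_tag(acct_key: bytes) -> str:
    """Opaque delivery target stored in the routing table instead of an ID."""
    return _prf(acct_key, "mailbox-v1").hex()


def build_routing_table(master_key: bytes, account_id: str, count: int) -> dict:
    """alias -> mailbox tag; no row contains the account identifier."""
    k = account_key(master_key, account_id)
    return {derive_alias(k, i): mailbox_tag(k) for i in range(count)}


def owns_alias(master_key: bytes, account_id: str, alias: str, table: dict) -> bool:
    """Linking a row to an account requires recomputing the tag with the key."""
    tag = table.get(alias)
    expected = mailbox_tag(account_key(master_key, account_id))
    return tag is not None and hmac.compare_digest(tag, expected)
```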

Database Encryption

AES-256 at Rest

Active

All persistent data — including email content, account records, session metadata, and domain configurations — is stored in databases encrypted at rest using AES-256, the Advanced Encryption Standard with a 256-bit key, which is approved for the protection of classified information by national security agencies worldwide.

Email Transport

Opportunistic TLS (STARTTLS)

Active

When Sendora's mail servers communicate with external mail servers to deliver or receive email, we enforce opportunistic TLS via STARTTLS, upgrading connections to encrypted channels wherever the remote server supports it. We additionally implement DANE (DNS-Based Authentication of Named Entities) for supported domains to prevent downgrade attacks on mail transport encryption.

A note on end-to-end encryption

Full end-to-end encryption (E2EE) — where message content is encrypted on the sender's device and can only be decrypted by the recipient — is a capability currently in active development on our roadmap. When implemented, E2EE will be available as an opt-in feature for users who require the highest level of content confidentiality. Until then, all emails are protected by strong encryption in transit and at rest, with server-side access governed by the strict access controls described in this document.

Authentication Security

Phishing-resistant, hardware-backed authentication as the default — not the exception.

The authentication layer is the primary target of the majority of account compromise attempts. Sendora has invested significantly in authentication infrastructure that defeats the most prevalent attack categories — password theft, phishing, credential stuffing, and SIM-swap attacks — through architectural design rather than user vigilance alone.

Primary Method

Passkey Authentication

Passkeys implement the WebAuthn/FIDO2 standard — a cryptographic authentication protocol developed by the FIDO Alliance and the W3C and adopted by major platform vendors including Apple, Google, and Microsoft. A passkey is a public/private key pair: the private key is stored in your device's secure hardware enclave and never leaves your device, while the public key is registered with Sendora. Authentication is performed by signing a server-issued challenge with the private key — a process that requires your biometric (fingerprint or Face ID) or device PIN to authorise.

Phishing resistant: The cryptographic challenge is domain-bound — it cannot be intercepted and replayed on a different domain.
No credential transmission: Your private key and biometric are never sent to Sendora's servers. The challenge signature proves possession without exposure.
Hardware-backed storage: Private keys are stored in the device's Trusted Platform Module (TPM), Secure Enclave, or equivalent protected storage — isolated from the operating system.
Immune to credential stuffing: Passkeys are unique per service. A breach at another site cannot provide usable credentials for Sendora.

Session Management

Sendora enforces automatic session expiration after a period of inactivity, and provides full session audit logs — including device fingerprint, approximate geographic location, and timestamp — allowing users to detect and revoke unauthorised sessions in real time. Sessions are cryptographically scoped and cannot be transferred between devices or networks.

Inactivity Timeout

Enforced

Session Audit Log

Full History

Remote Revocation

Per-Session

Token Rotation

On Re-auth

Rate Limiting & Bot Protection

All authentication endpoints are protected by distributed rate limiting via Upstash Redis, enforcing strict request thresholds per IP address, account identifier, and device fingerprint. Login forms are additionally protected by Cloudflare Turnstile, an advanced bot-detection mechanism that challenges automated scripts without degrading the experience for human users. Credential stuffing attacks — in which attackers test large lists of compromised credentials against login endpoints — are effectively neutralised by this combination of controls.

Login Audit & Geolocation Alerts

Every login event is recorded with an anonymised geolocation derived from the source IP address using a privacy-preserving GeoIP lookup — the city-level location is logged but the precise IP address is hashed and not retained in plaintext. Logins from previously unseen locations or devices generate security notifications, enabling users to take immediate action if an unfamiliar session is detected.
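A login-audit record of the kind described above, as an added example rather than Sendora's code. It assumes the GeoIP lookup has already produced a city name, uses a keyed HMAC rather than a bare hash because the IPv4 space is small enough to enumerate, and applies the 90-day retention listed under "Data We Collect"; the key, function names and sample values are constructed.

```python
import hashlib
import hmac
import ipaddress

DEMO_KEY = b"constructed-demo-ip-hash-key"  # constructed; keep the real one secret
RETENTION_S = 90 * 86400                    # 90-day retention from the page


def hash_ip(ip: str, key: bytes) -> str:
    """Keyed hash of the canonical address bytes, so equivalent spellings match."""
    packed = ipaddress.ip_address(ip).packed
    return hmac.new(key, packed, hashlib.sha256).hexdigest()[:32]


def record_login(history: dict, account: str, ip: str, city: str,
                 device: str, key: bytes, now: float):
    """Store the event without the plaintext IP and return alert reasons."""
    cutoff = now - RETENTION_S
    seen = [e for e in history.get(account, []) if e["ts"] >= cutoff]
    reasons = []
    if seen:  # the first retained login has nothing to compare against
        if all(e["city"] != city for e in seen):
            reasons.append("new_location")
        if all(e["device"] != device for e in seen):
            reasons.append("new_device")
    event = {"ts": now, "ip_hash": hash_ip(ip, key),
             "city": city, "device": device}
    history[account] = seen + [event]  # events past retention are dropped here
    return event, reasons
```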

Infrastructure Security

Built on hardened infrastructure with multiple layers of network and system protection.

Sendora operates on cloud infrastructure that incorporates enterprise-grade physical security, network isolation, DDoS mitigation, and automated vulnerability management. Our infrastructure is continuously monitored and subjected to regular security assessments.

01. Cloudflare Network Protection

All ingress traffic to Sendora's services passes through Cloudflare's global network, providing industry-leading DDoS mitigation, Web Application Firewall (WAF) protection, bot filtering, and IP reputation-based blocking. Cloudflare's Anycast network absorbs volumetric attacks at the network edge, preventing them from reaching Sendora's origin infrastructure.

02. Network Segmentation & Isolation

Sendora's infrastructure components — web servers, application servers, database clusters, and caching layers — are deployed in logically and physically isolated network segments. Firewall rules enforce strict allow-list policies between segments, ensuring that a compromise of a front-end component cannot directly access sensitive back-end systems without traversing multiple security controls.

03. Database Access Controls

Production database access is restricted to a minimal set of application service accounts operating under the principle of least privilege. No direct public internet access to database endpoints is permitted. Database credentials are rotated regularly, stored in encrypted secret management systems, and never embedded in application code or version control repositories.

04. Automated Patch Management

Sendora's infrastructure is enrolled in automated security patching programmes that ensure operating system packages, runtime dependencies, and application libraries are updated promptly when security vulnerabilities are disclosed. Critical and high-severity patches are applied within 24 hours of vendor release; medium-severity patches are applied within the standard maintenance window.

05. Secure Software Supply Chain

All third-party software dependencies introduced into the Sendora platform are reviewed for security posture, maintenance status, and licence compliance before adoption. Dependency manifests are locked to specific verified versions, and automated tooling monitors for newly disclosed vulnerabilities in the dependency tree, enabling rapid remediation.

06. Uptime & Redundancy

Sendora's platform is architected for high availability, with redundant components at the web, application, and database tiers. Automated health monitoring detects and remedies service degradations before they impact users. Our infrastructure is designed to maintain 99.9% uptime, with planned maintenance windows communicated in advance.

Email Infrastructure

Anti-Spoofing & Deliverability Standards

Sendora implements the complete suite of email authentication standards to prevent domain spoofing and protect the integrity of emails sent from our platform.

SPF

Sender Policy Framework

Publishes an authoritative list of IP addresses permitted to send email on behalf of sendora.me, allowing recipient servers to reject forged sender addresses.

DKIM

DomainKeys Identified Mail

Cryptographically signs every outgoing email with a private key specific to the sending domain. Recipients can verify the signature using the public key published in our DNS record.

DMARC

Domain-based Message Authentication

Instructs recipient mail servers how to handle emails that fail SPF or DKIM verification, enabling us to reject or quarantine unauthenticated messages claiming to be from Sendora.

MTA-STS

Mail Transfer Agent Strict Transport

Enforces TLS encryption on all inbound SMTP connections to Sendora's mail servers, preventing downgrade attacks that would otherwise allow mail transport in plaintext.
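A small policy audit for the standards listed above, added as an example and not taken from Sendora: it reads SPF and DMARC TXT records and an MTA-STS policy file and reports settings that leave the control in a non-enforcing state. The records are constructed samples for `example.test`, not sendora.me's published records, and the function names are hypothetical.

```python
def parse_tags(record: str) -> dict:
    """Split a 'k=v; k=v' record (DMARC style) into a dict with lower-case keys."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def audit_spf(record: str) -> list:
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    findings = []
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    has_redirect = any(t.startswith("redirect=") for t in terms[1:])
    if not all_terms:
        if not has_redirect:
            findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    elif not all_terms[0].startswith("-"):  # evaluation stops at the first match
        findings.append(f"'{all_terms[0]}' does not hard-fail unlisted senders")
    return findings

def audit_dmarc(record: str) -> list:
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: receivers are asked to take no action")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not collected")
    return findings

def audit_mta_sts(policy_text: str) -> list:
    fields, mx = {}, []
    for line in policy_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "mx":
            mx.append(value.strip())
        elif sep:
            fields[key.strip().lower()] = value.strip()
    if fields.get("version") != "STSv1":
        return ["not an MTA-STS policy"]
    findings = []
    mode = fields.get("mode", "missing")
    if mode != "enforce":
        findings.append(f"mode={mode}: delivery proceeds even if TLS validation fails")
    if mode != "none" and not mx:
        findings.append("no mx patterns listed")
    return findings

# Constructed sample records (not real DNS data).
SPF_STRICT = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.test -all"
SPF_SOFT = "v=spf1 ip4:192.0.2.0/24 ~all"
DMARC_STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.test"
DMARC_MONITOR = "v=DMARC1; p=none; pct=50"
STS_ENFORCE = "version: STSv1\nmode: enforce\nmx: mail.example.test\nmax_age: 604800\n"
STS_TESTING = "version: STSv1\nmode: testing\nmx: mail.example.test\nmax_age: 86400\n"
```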

User Privacy & Access Controls

You control your data. We enforce that control at the architectural level.

Privacy at Sendora is not a policy promise — it is enforced through the technical architecture of the platform. User data is structured, stored, and accessed in ways that place control firmly with the account holder, not with Sendora's operators.

No Internal Access to Email Content

Sendora engineers and support staff do not have routine access to the content of user emails. Access to production email data is technically restricted and requires an elevated access procedure with mandatory audit logging. We do not read, analyse, or act on the semantic content of your communications.

No Behavioural Profiling or Analytics

Sendora does not build behavioural profiles, engagement funnels, or advertising audiences from user activity. We collect only the operational telemetry required to maintain service health — and even that is anonymised and aggregated before analysis.

Zero Third-Party Data Sharing

Sendora does not sell, license, or share user data with third-party advertisers, data brokers, or analytics companies. The only third-party services with any access to user data are those strictly necessary for platform operation (e.g. our cloud infrastructure provider and our payment processor), and these relationships are governed by strict data processing agreements.

Right to Erasure

Sendora honours your right to have your data permanently deleted. Account deletion triggers a cascading purge of all associated data — emails, session records, alias configurations, and payment history — from our production systems and backups within our stated retention window. This process is irreversible.

Data We Collect

Your chosen email address

Purpose: Account identification

Retained: For account lifetime

Argon2id password hash

Purpose: Authentication (cannot be reversed)

Retained: For account lifetime

Session tokens (hashed)

Purpose: Active session management

Retained: Until revocation or expiry

Login metadata (hashed IP, device, approx. location)

Purpose: Security auditing

Retained: 90 days

Email content (encrypted at rest)

Purpose: Service delivery

Retained: Until deletion by user

Billing transaction records

Purpose: Payment processing & compliance

Retained: 7 years (regulatory requirement)

Domain DNS configuration

Purpose: Custom domain routing

Retained: Until domain removed

Data We Never Collect

Plaintext passwords (ever)
Full IP addresses (retained in plaintext)
Phone numbers
Government-issued identity documents
Biometric data
Advertising identifiers or tracking pixels
Cross-site browsing behaviour
Third-party cookie data

Compliance & Regulatory Framework

Operating within — and frequently beyond — the requirements of applicable law.

Sendora is committed to compliance with data protection legislation applicable to our operations and user base. We treat legal compliance as a floor — a minimum standard — rather than a ceiling. Our privacy and security practices routinely exceed what the law requires.

🇮🇳

India

Information Technology Act, 2000 & DPDP Act, 2023

Sendora is operated from India and complies fully with the Information Technology Act, 2000, the IT (Reasonable Security Practices) Rules, and the Digital Personal Data Protection Act, 2023. This includes maintaining reasonable security practices for the protection of sensitive personal data and honouring data principal rights as defined under the DPDP framework.

🇪🇺

European Union

GDPR — General Data Protection Regulation

For users located in the European Economic Area, Sendora processes personal data in accordance with the principles of the GDPR — including lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, and storage limitation. Users in the EEA may exercise rights of access, rectification, erasure, restriction, and portability by contacting support@sendora.me.

🌍

International

Privacy-first by default

Regardless of the jurisdiction in which a user is located, Sendora applies its privacy-first data practices universally. We do not operate a tiered privacy model in which users in certain regions receive lesser protections than those in regulated markets. Every user benefits from the same foundational privacy and security architecture.

💳

Payment Security

PCI DSS (via Razorpay)

Sendora does not directly process, store, or transmit payment card data. All payment handling is delegated to Razorpay, a PCI DSS Level 1 certified payment processor. Sendora receives only tokenised payment references, which cannot be used to reconstruct card numbers or bank account details.

📧

Email Compliance

CAN-SPAM, CASL, PECR

Sendora's platform is designed to facilitate lawful email communication. Our terms of service prohibit the use of the platform for spam, unsolicited bulk email, or any communication that violates applicable anti-spam legislation including the US CAN-SPAM Act, Canada's CASL, and the UK's PECR. Violations may result in immediate account suspension.

⚖️

Legal Requests

Government & Law Enforcement

Sendora will comply only with legal requests that are lawfully issued, properly scoped, and supported by appropriate judicial authority under applicable law. We will notify affected users of any legal demand to the maximum extent permitted, will challenge overbroad or legally deficient requests, and will publish a transparency report documenting the number and nature of requests received.

Responsible Disclosure

We take security reports seriously and reward responsible disclosure.

Sendora operates a responsible disclosure programme for independent security researchers, penetration testers, and members of the broader security community who identify potential vulnerabilities in our platform, infrastructure, or associated services. We believe that a collaborative relationship with the security research community is an essential component of our overall security posture.

If you have identified a potential vulnerability, we ask that you report it to us privately before public disclosure, giving our team a reasonable opportunity to investigate, reproduce, and remediate the issue. We commit to acknowledging all valid security reports within one business day, providing regular status updates during investigation, and notifying you when the vulnerability has been remediated.

We will not pursue legal action against researchers who identify and disclose vulnerabilities in good faith, in accordance with this policy. Researchers who provide us with clear, concise, and actionable reports will receive our public acknowledgement (where desired) and our genuine appreciation for their contribution to the safety of our users.

In-Scope Systems

sendora.me (primary web application)
api.sendora.me (API endpoints)
mail.sendora.me (mail server infrastructure)
Authentication and session management systems
User data access controls
Email delivery and routing pipeline

Disclosure Guidelines

1. Email your report to support@sendora.me with subject: 'Security Disclosure'
2. Include a clear description, proof-of-concept steps, and potential impact assessment
3. Allow a minimum of 90 days for remediation before public disclosure
4. Do not access, modify, or delete user data during your research

Security Best Practices

How to keep your Sendora account as secure as possible.

While Sendora invests substantially in platform-level security, the security of an account is a shared responsibility. The following practices, when adopted consistently, will materially reduce the risk of account compromise.

Enrol at Least One Passkey

Highly Recommended

Passkeys are the strongest authentication method available on Sendora. Enrolling a passkey on your primary device eliminates the risk of your account being compromised through password theft or phishing. We strongly recommend this as your first action after creating an account.

Use a Strong, Unique Password

Required

If you authenticate with a password, ensure it is at least 16 characters in length, uses a combination of letters, numbers, and symbols, and is not reused from any other service. A password manager is the most reliable way to generate and store strong, unique credentials.

Review Active Sessions Regularly

Recommended

Check Settings → Security → Active Sessions periodically to confirm that all listed sessions correspond to devices and locations you recognise. If you identify an unfamiliar session, revoke it immediately and change your password.

Be Vigilant Against Phishing

Important

Sendora will never ask for your password via email. If you receive an email purporting to be from Sendora requesting your credentials or asking you to click a suspicious link, do not comply — report it to support@sendora.me. Always verify that the URL in your browser shows sendora.me before entering credentials.

Use Temporary Inbox for Untrusted Services

Privacy Tip

When registering on websites or services you are unfamiliar with or do not fully trust, use Sendora's Temporary Inbox feature rather than your primary address. This prevents your real email address from appearing in data breaches or being used for spam.

Log Out on Shared Devices

Important

If you access your Sendora account from a shared, public, or borrowed device, always log out explicitly when you have finished your session. Do not select 'Remember this device' on shared equipment. You may also terminate remote sessions from Settings → Security after using such a device.

Have a security concern?

If you suspect your account has been compromised, you have identified a security vulnerability, or you have a question about our security practices, please reach out to our team immediately. We treat all security communications with the highest priority.