At Emilio, safeguarding your data is our top priority. This page details our security protocols and standards. For privacy-related information, refer to our Privacy Policy.
We safeguard access to our systems with multi-factor authentication.
We employ strong passwords, which are regularly updated to prevent unauthorized access.
We have strict control over production system access to ensure customer data protection and service integrity.
We employ automated tools to help us promptly address known security vulnerabilities.
We run regular security audits, including OWASP® pentests, to keep our defenses sharp.
Emilio has obtained the CASA Tier 2 Security Certification in February 2024, underscoring our commitment to security excellence. CASA is the industry-recognized application security standard by Google, which needs to be undertaken annually.
Later on, we will be aiming at higher certifications, such as SOC 2 or ISO 27001. Right now, we are just starting our organization and focused on building the most secure product for our customers.
User authentication is managed with your email provider via OAuth2 protocol. We prioritize user privacy and handle all data with the utmost care and confidentiality.
Emilio processes your email data using advanced AI and machine learning techniques to provide features such as email summarization, labeling, and drafting. This processing is integral to the service we provide and is performed with your consent during the onboarding flow.
We do not cache your data in our servers, except for anonymized data for troubleshooting. We do not use any profiling tools or systems to process your data and make decisions based on profiling.
We do store metadata on your email usage, such as the most relevant senders and how fast you respond to them. This information allows us to provide the most accurate predictions of what is important to you.
Overall, the collected information is utilized to enhance the Emilio product and support you effectively.
Our services are hosted on Amazon Web Services, ensuring compliance with the following standards: SOC 1/ISAE 3402, SOC 2, and SOC 3. For more information, please refer to AWS’ security and compliance page.
We retain logs for 30 days to monitor system health, after which they are securely erased.