spectre is built on zero-server persistence of inbox content and rigorous security reviews.
Privacy-first architecture keeps email bodies under your control; sensitive steps run in isolated, encrypted channels.
Every component minimizes exposure while supporting audits and erasure workflows.
CASA Tier 2 aligns with Google’s cloud application security expectations for assessed builds.
We avoid centralizing mailbox content to “protect” it—you keep the data plane.
TLS protects data between your browser, providers, and our serverless endpoints.
Modern cipher suites for API traffic.
Header analysis is engineered to stay on-device during scans.
No bulk upload of mailbox dumps.
AI calls run in short-lived functions with keys in environment secrets.
Keys are not bundled to browsers.
Least-privilege scopes; tokens live where your integration stores them.
Revoke anytime with the provider.
We store only operational account metadata needed for billing and caps.
Data minimization by design.
We do not read message bodies for identification—headers only.
Content stays opaque to our logic.
You authorize OAuth; tokens stay client-side where architected.
Headers are fetched and processed for patterns.
Minimized signals go to isolated functions calling AI APIs.
Notices send from your mailbox with you in the loop.
Facilitation tooling with strict minimization; not a law firm.
TLS, OAuth, serverless isolation, and documented review processes.