At MailGovern, we recognize that email and calendar data form the backbone of modern enterprise operations. Securing this data is our highest priority. Our platform is engineered from the ground up to exceed the stringent security requirements of global financial, healthcare, and government institutions.
1. Data Encryption
We employ cryptographic best practices across our entire stack:
- In Transit: All data flowing between MailGovern, Microsoft Exchange, Google Workspace, and your custom endpoints is encrypted using TLS 1.3.
- At Rest: Any persistent data, including logs, databases, and cached metadata, is encrypted at rest using AES-256 encryption.
2. Architectural Security
Our infrastructure is designed for maximum isolation and resilience:
- Zero-Trust Network: Our internal microservices operate on a zero-trust model, requiring mutual TLS (mTLS) authentication for all inter-service communication.
- No Permanent Payload Storage: Unless specifically configured for archiving, MailGovern's routing engine evaluates email payloads in memory and immediately flushes them. We do not store sensitive email bodies permanently on disk.
- Role-Based Access Control (RBAC): The MailGovern dashboard supports granular RBAC and integrates directly with your existing Identity Provider (IdP) via SAML 2.0 or OIDC.
3. Continuous Compliance & Auditing
Security is a continuous process, not a state:
- Penetration Testing: We conduct rigorous, independent third-party penetration tests on our platform annually, and perform automated vulnerability scanning daily.
- Audit Logging: Every configuration change, rule modification, and administrative login is securely logged to an immutable audit trail, providing full visibility for your InfoSec team.
4. Secure Integrations
We integrate with Microsoft 365 and Google Workspace using official, scoped OAuth 2.0 APIs. MailGovern utilizes granular application permissions—we only request the exact scopes necessary to execute your defined governance rules, minimizing the attack surface.
5. Vulnerability Disclosure Program
We believe in collaborating with the global security research community. If you believe you have discovered a vulnerability in the MailGovern platform, we encourage you to disclose it to us securely at info@mailgovern.com.