Security
Security is a core priority at MailOutly. This page summarizes key controls and best practices.
1. Authentication & Access
- OAuth 2.0 Gmail integration uses OAuth tokens. We do not store your Gmail password.
- Access to sensitive operations is controlled by authentication and authorization checks.
2. Data Protection
- Encryption in transit (HTTPS) is required for production deployments.
- We minimize stored data to what is needed to operate the Service.
- Uploaded files (such as resumes) are size‑restricted and path‑validated server-side.
3. Abuse Prevention
- Rate limiting, daily send limits, and monitoring help protect deliverability and reduce abuse.
- We may suspend accounts involved in spam, fraud, or policy violations.
4. Your Responsibilities
- Use strong passwords and keep your device secure.
- Only email recipients when you have the right to contact them.
- Keep lead lists compliant and honor opt-out requests.
5. Vulnerability Reporting
If you believe you found a security vulnerability, please email mailoutly@gmail.com with details and reproduction steps. Please do not publicly disclose until we’ve had a chance to investigate.