Security
The send-only contract.
Trust is a product feature. Every outbound tool that asks for mailbox read access is a silent ask for everything in it. We drew that line on day one, wrote it into our AGENTS.md, and enforce it in code review.
Our six pillars
Send-only email scopes
We request gmail.send (and the Microsoft Graph equivalent) only. No inbox read, no label access, no thread history. This is a permanent rule — a PR adding read scopes is rejectable in review.
Per-environment secrets
API keys are scoped to a single database branch. A key that works against production doesn't authenticate on preview deploys and vice versa. Revoke at any time.
Cost logging on every external call
Every external API call is logged with provider, call type, and cost. No silent drain.
Audit logs
Every pipeline run generates a trace ID. You can see what was classified, which enrichment ran, what it cost, and when. Operators get full visibility.
Clerk-backed auth + Bearer API keys
Web UI uses Clerk for session auth and MFA. API surface uses rotatable Bearer tokens. Both paths are rate-limited and cost-capped per account.
Minimum data storage
We keep what's required to return your searches and honor export/deletion requests. You control retention on your own lists and can delete them at any time.
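One way the send-only scope rule could be checked mechanically before a reviewer looks at a PR. This is an added example, not code from the product: the function names, the sample URLs and the decision to allow sign-in scopes are assumptions, and Mail.Send is assumed to be the Microsoft Graph equivalent the page mentions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Allowlist from the page's rule. "Mail.Send" is assumed to be the
# "Microsoft Graph equivalent" of gmail.send that the page refers to.
SEND_SCOPES = {
    "https://www.googleapis.com/auth/gmail.send",
    "mail.send",
    "https://graph.microsoft.com/mail.send",
}
# Assumption: sign-in scopes that expose no mailbox data are acceptable.
IDENTITY_SCOPES = {"openid", "email", "profile", "offline_access"}
ALLOWED = SEND_SCOPES | IDENTITY_SCOPES

URL_RE = re.compile(r"https://[^\s\"'<>]+")

def excess_scopes(scope_string):
    """Deny by default: return every scope that is not on the allowlist."""
    return [s for s in scope_string.split() if s.lower() not in ALLOWED]

def audit_authorize_urls(text):
    """Return (line number, scope) for each disallowed scope in an OAuth URL."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for url in URL_RE.findall(line):
            # parse_qs decodes %20 and '+' so both separators become spaces.
            for value in parse_qs(urlsplit(url).query).get("scope", []):
                findings.extend((lineno, s) for s in excess_scopes(value))
    return findings

# Constructed sample input: three authorization URLs as they might appear in a diff.
SAMPLE = (
    'GOOGLE_OK = "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE'
    '&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.send"\n'
    'GOOGLE_BAD = "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE'
    '&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.send'
    '%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly"\n'
    'MS_BAD = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
    '?client_id=EXAMPLE&scope=openid+offline_access+Mail.Send+Mail.Read"\n'
)

if __name__ == "__main__":
    for lineno, scope in audit_authorize_urls(SAMPLE):
        print(f"line {lineno}: scope outside send-only allowlist: {scope}")
```

The same excess_scopes check can be applied to the space-delimited scope field of a token response, so a grant wider than send-only is refused at runtime as well as in review.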
Reporting a vulnerability
Saw something? Tell us.
Security researchers and users can report issues to security@wowere.com. We'll acknowledge within one business day and keep you in the loop as we investigate.
Start with a search
Confident enough to search?
The same privacy-first engineering that built the send-only contract built the whole product.
Free to start — 25 searches and 10 verified emails included. No credit card required.