Send Only, No Inbox Reading: Our Security Promise
Understanding why PostSignup only requests send permission and never accesses your inbox.
The Core Security Principle
We only send. We never read. This isn't just a policy—it's technically enforced.
What "Send Only" Means
When you connect your email, we request only:
- Gmail: gmail.send scope
- Microsoft 365: Mail.Send permission
That's it. These permissions physically cannot read your inbox.
What We Cannot Access
- Your inbox content
- Your sent folder
- Your drafts
- Your contacts
- Your calendar
- Your email threads
Why This Matters
Privacy
Your inbox contains sensitive information. We don't need it and don't want it.
Security
Fewer permissi attack surface. Even if we were compromised, your inbox is safe.
Trust
You shouldn't have to trust us not to read your email. You should trust that we CAN'T.
How to Verify
Gmail:
- Go to Google Account > Security > Third-party apps
- Click PostSignup
- See only "Send email" permission
Microsoft 365:
- Go to account.microsoft.com
- Privacy > Apps and services
- See only "Send mail" permission
Revoking Access
If you ever want to disconnect:
- Remove access from Google/Microsoft settings
- PostSignup immediately loses send ability
You're always in control.
