Your email is the central access point to your digital presence.
From the beginning, we have been asked about how we ensure security and keep your data private.
Here we explain how we keep your Empty account secure.

1. You can choose what to save.

We do not save your email data unless you enable inbox features.We continuously design and improve our product so that you only need to provide the required data for the features you decide to use.

2. We don't save data that is not necessary.

We regularly remove our necessary server-side logs (we don't log your personal data by default unless it is what you've requested.) after data retention for maintaining the service.

3. Data Encryption: Default encryption-at-rest, and in-transit.

Empty employs two types of encryption: at-rest and in-transit.
  • At-rest encryption secures email data in databases and files when they're not actively used.
    • Our database provider stores inactive data in NVMe SSD volumes. The data on NVMe instance storage is encrypted using an XTS-AES-256 block cipher implemented in a hardware module on the instance.
    • Our storage provider stores inactive data using one of the strongest block ciphers—256-bit Advanced Encryption Standard (AES-256) to encrypt the object by default.
  • In-transit encryption, using industry-standard TLS, secures emails during transmission, though it's not universally enforced across all email services.By default, we reject any incoming messages that aren't sent over a secure connection and send all of our emails through a secure connection.

Encryption is often the first aspect considered in digital security, with end-to-end encryption being the ideal.

This form of encryption ensures that only the communicating users can access the data, not even the service providers. However, achieving end-to-end encryption in email is impractical.

Email's design doesn't allow control over the recipient's app or service, and modifying the vast network of email systems to support end-to-end encryption is unlikely.

Attempts to implement end-to-end encryption in email have had limited success. Some methods require users to adopt the same service, while others redirect to websites for encryption, or use cumbersome tools like PGP.

These approaches compromise the fundamental nature of email. For those requiring end-to-end encrypted email, services like ProtonMail exist, but they're exceptions.

We acknowledges that end-to-end encryption isn't feasible for mainstream email services, making it unsuitable for a very highly sensitive communications, such as those involving national security or human rights issues. In these cases, secure messaging tools like Signal are recommended. Otherwise, we will ensure Empty is a secure choice for most use cases.