Passwords and API keys: AES-256-GCM encrypted in the database — the gold standard for symmetric encryption Transport: All connections over TLS/HTTPS IMAP/SMTP: Connections to email servers via SSL/TLS

Role-based permissions (Owner, Admin, Member) Complete audit log of all actions Multi-tenancy: Organizations are strictly separated from each other

Rate limiting on all API endpoints Content Security Policy (CSP) headers Virus scanning of all email attachments with ClamAV Automatic health checks for all services

How MailDesk Protects Your Data

Security by Design

MailDesk has been developed with security as a priority from the very beginning.

Encryption

Passwords and API keys: AES-256-GCM encrypted in the database — the gold standard for symmetric encryption
Transport: All connections over TLS/HTTPS
IMAP/SMTP: Connections to email servers via SSL/TLS

Access Control

Role-based permissions (Owner, Admin, Member)
Complete audit log of all actions
Multi-tenancy: Organizations are strictly separated from each other

Infrastructure

Rate limiting on all API endpoints
Content Security Policy (CSP) headers
Virus scanning of all email attachments with ClamAV
Automatic health checks for all services

Audit Log

Under Settings → Audit Log you can see all actions taken by your organization — who changed what and when. The log includes configuration changes, member management, ticket actions, and more.