Security
Trust Center
Transparency is the foundation of security. Here's exactly how MXLens protects your data.
Zero Data Collection
Your emails never leave your browser.
MXLens performs all email analysis using client-side JavaScript and WebAssembly. No email content, headers, or attachments are ever transmitted to our servers.
Technical Architecture
What happens in your browser:
- Email file parsing (postal-mime)
- Header extraction and analysis
- SPF/DKIM/DMARC validation logic
- Phishing indicator detection
- Risk scoring and verdict generation
- PDF link extraction (pdf.js)
What we DO NOT receive:
- Email content or body text
- Email headers (From, To, Subject)
- Attachments or file contents
- IP addresses from email routing
- Any Personally Identifiable Information
Verify It Yourself
Open your browser's DevTools → Network tab while analyzing an email. You'll see 0 bytes of email data sent to any server.
What We Store (For Registered Users)
When you create an account, we store minimal metadata to provide dashboard features:
| Data | Purpose | Retention |
|---|---|---|
| Verdict (Clean/Suspicious/Malicious) | Dashboard statistics | 90 days (configurable) |
| Risk Score (0-100) | Trend analysis | 90 days |
| Timestamp | Activity history | 90 days |
| Processing Time (ms) | Performance monitoring | 30 days |
Note: We never store email content, headers, sender information, or any text from the email itself.
Compliance Roadmap
SOC 2
Type II - In Progress
Q2 2025
GDPR
Compliant by Design
Active
ISO 27001
Certification Planned
Q4 2025
Questions about our security practices?
Our team is happy to discuss technical details with your security team.