Privacy & Security

How Maexry protects your email with zero-knowledge encryption, hardware-backed keys, and on-device AI processing.

Maexry is built on a zero-knowledge architecture. Your emails, your device, your control.

Zero-Knowledge Model

Maexry is designed so that email content is never stored on Maexry servers.

  • Emails are fetched directly from Gmail to your device.
  • Local data is encrypted in a SQLCipher database using AES-256.
  • Encryption keys live in your device's Secure Enclave (iOS/macOS) or StrongBox (Android) — hardware-protected and inaccessible to us.
  • Maexry does not have access to those keys.
  • A breach of Maexry systems would reveal only encrypted noise, not readable email content.

AI Privacy

In BYOK mode, AI requests go directly from your device to the AI provider you choose. Maexry does not proxy those requests through its own servers. Maexry does not store AI API keys on its servers — keys are stored in your device's hardware vault.

Before any email data reaches your chosen AI provider, the on-device Sentry engine scrubs PII locally via llama.cpp. Sensitive information is redacted before it ever leaves your device.

Instant Plan Privacy

On the Instant plan, Maexry provisions a provider key on your behalf — but your email data still flows directly from your device to Gemini, OpenAI, or Anthropic. Maexry never sees it and keeps no logs on the provider side. Maexry cannot read your emails regardless of which plan you choose.

What Maexry Does Not Collect

  • Email content
  • Email subjects
  • Sender information
  • AI API keys
  • Contacts
  • Calendar data

What Maexry May Collect

  • Minimal subscription status data (user ID and billing tier)
  • Optional encrypted sync blobs if cross-device sync is enabled (we cannot decrypt these)
  • Optional anonymous crash or performance telemetry

Cross-Device Sync Security

When sync is enabled (Pro and Instant plans), your data is synchronized using encrypted "Dark Blobs" — binary packages encrypted with keys that only your devices hold. Maexry's servers relay these blobs but cannot read them. Even if our sync servers were breached, attackers would find only encrypted binary, device UUIDs, and sync timestamps — no email content, no subjects, no senders, no categories.

Common Security Questions

Can Maexry employees read my emails?

No. There is no server-side code path that accesses email content. Encryption keys exist only in your device's Secure Enclave. Maexry has no decryption capability.

What if Maexry servers are breached?

Maexry servers hold encrypted sync blobs and minimal metadata, not readable email content. A breach would reveal encrypted noise — useless without the decryption keys that live only on your device.

What if I lose my device?

Your master key is hardware-bound to that specific device and cannot be extracted. For new devices, you re-enter your master password to decrypt your sync seed and regenerate your keys. Your encrypted sync data remains safe — it's useless without your master password.

Can law enforcement access my data through Maexry?

Maexry cannot provide email content it does not possess. Your emails never touch our servers, so there is nothing to subpoena. Even if ordered to hand over data, we only have encrypted blobs that are mathematically impossible to decrypt without your master key.

How can I verify these privacy claims?

Our zero-knowledge architecture is designed to be verifiable, not just promised. You can monitor your network traffic and inspect connections to confirm that no email content leaves your device to Maexry servers.
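One way to run that check, as an added example (not Maexry's code): export per-app flows (destination host, bytes sent) from your capture tool and sort them against the destinations this page describes. The `maexry.ai` suffix, the hostnames under it, the byte budget and the sample flows are assumptions constructed for illustration.

```python
from collections import defaultdict

# Destinations the page says the device contacts directly (public API hosts).
DIRECT = {
    "gmail.googleapis.com": "gmail",
    "imap.gmail.com": "gmail",
    "api.openai.com": "ai-provider",
    "api.anthropic.com": "ai-provider",
    "generativelanguage.googleapis.com": "ai-provider",
}
VENDOR_SUFFIX = "maexry.ai"  # assumption: taken from the contact addresses
VENDOR_BUDGET = 4096         # assumption: bytes per flow for status/telemetry

def classify(host):
    host = host.lower().rstrip(".")
    if host in DIRECT:
        return DIRECT[host]
    # Match on a label boundary so "notmaexry.ai" is not treated as the vendor.
    if host == VENDOR_SUFFIX or host.endswith("." + VENDOR_SUFFIX):
        return "vendor"
    return "unknown"

def audit(flows, sync_enabled):
    """flows: (host, bytes_sent) pairs exported from a per-app capture."""
    totals, findings = defaultdict(int), []
    for host, sent in flows:
        kind = classify(host)
        totals[kind] += sent
        if kind == "unknown":
            findings.append(("unknown-destination", host, sent))
        elif kind == "vendor" and not sync_enabled and sent > VENDOR_BUDGET:
            # With sync off, only small status/telemetry traffic is expected.
            findings.append(("large-vendor-upload", host, sent))
    return dict(totals), findings

# Constructed sample flows; hostnames under maexry.ai are hypothetical.
SAMPLE_FLOWS = [
    ("gmail.googleapis.com", 1800),
    ("api.anthropic.com", 5200),
    ("billing.maexry.ai", 640),
    ("sync.maexry.ai", 250_000),
    ("cdn.example.net", 900),
]

if __name__ == "__main__":
    for sync in (False, True):
        totals, findings = audit(SAMPLE_FLOWS, sync_enabled=sync)
        print("sync" if sync else "no sync", totals, findings)
```

Byte counts show where data goes, not what it contains, so a flagged flow is a prompt to inspect that connection further.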

Privacy Contact

For privacy-specific questions, contact privacy@maexry.ai. For general support, reach out to hello@maexry.ai.