Frequently Asked Questions

Mathematically impossible. Your emails are stored only on your device, and AI classification runs through your own API keys — we never see your content. When syncing across devices, only encrypted blobs touch our servers — and we don't have the keys to decrypt them. Our zero-knowledge architecture means we cannot access your email content.

There's nothing to hack. We don't store your emails, API keys, or encryption keys. A breach of our servers would reveal... encrypted noise. Your master key is hardware-bound to your device's Secure Enclave, not stored on our servers.

Your master key is hardware-bound to that specific device and cannot be extracted. For new devices, you'll re-enter your master password once to decrypt your sync seed and regenerate your keys. Your encrypted sync data remains safe — it's useless without your master password.

We cannot provide what we don't have. Your emails never touch our servers, so there's nothing to subpoena. Even if ordered to hand over data, we only have encrypted blobs that are mathematically impossible to decrypt without your master key.

We use industry-standard encryption (AES-256-GCM) with OWASP-recommended key derivation (Argon2id). Our zero-knowledge architecture means there is nothing to trust — monitor your network traffic and verify for yourself that no email content leaves your device.

We use a BYOK (Bring Your Own Key) model. You provide your own AI API key from Gemini, OpenAI, or Anthropic. You pay them directly based on actual usage — typically $0.50-$1.00/month. No expensive subscriptions, no middleman markup.

Yes. Your one-time Base purchase includes every future update, new feature, and maintenance release at no additional cost — for as long as Maexry is in operation. No upgrade fees. No version gating.

Classification runs through the AI provider you choose (your own API key or your own Ollama instance). Before any email data reaches that provider, the on-device Sentry engine scrubs PII. Storage, key management, and PII redaction are always on your device.

No. There is no server-side code path that accesses email content. Encryption keys exist only in your device's Secure Enclave. We have no decryption capability.

Attackers would find Dark Blobs (encrypted binary), device UUIDs, and sync timestamps. No email content, no subjects, no senders, no categories. The encryption keys are on your device, not our server.

Maexry classifies your email into 8 categories using an LLM. You provide the LLM — either your own API key (BYOK) or your own Ollama instance (Bridge). This means you control the AI provider, the cost, and the data flow.

Bridge connects Maexry to your local Ollama instance. Classification runs on your own hardware, on your own network. Zero cloud dependency. This is the option for users who want fully local intelligence.

Most AI email apps send your email to their cloud, process it with their AI, and store it on their servers. Maexry stores email on your device (encrypted), scrubs PII locally, and sends only redacted fragments to an AI provider you choose and pay directly. We never see your email content.

Maexry runs natively on iOS (iPhone and iPad) and macOS. Android and Windows are coming soon. There is no web app — local AI processing requires direct hardware access, so Maexry is native-only by design. The macOS desktop app also serves as the host for Personal Relay and Ollama Bridge, letting your phone use your desktop's AI processing power.

Open Maexry → Settings → Subscription → Manage Billing. This opens your Stripe billing portal, where you can update your payment method, switch between plans, or cancel. Cancellation takes effect at the end of your current billing period — you keep full access until then. After a monthly subscription cancels, sync and AI stop — existing emails remain readable on-device. Annual subscribers fall back to permanent Base access (BYOK/Ollama forever). Nothing is deleted.

Yes. On Base ($19.99 one-time), install Maexry on as many devices as you want. Each device runs independently with its own local database — no sync between them. On Pro ($3.99/month or $34.99/year), your settings, categories, and read states sync across devices via end-to-end encrypted blobs that we cannot decrypt — Pro is standalone, no separate Base purchase needed. On Instant ($9.99/month or $79.99/year), you get everything in Pro plus a Maexry-managed AI key — no keys to configure on each device.

Personal Relay lets your phone use your desktop's AI processing power. Your Mac runs the AI model, and the results are sent to your mobile device over an end-to-end encrypted connection. Maexry's servers relay the encrypted packets but cannot read them. This means your phone gets AI classification without needing its own API key or running a local model. It requires the desktop app to be running and signed into the same account. Available on Pro and Instant plans.

Your data lives in an encrypted SQLite database on your device. Maexry does not keep a cloud copy — you own the only copy. If you delete the app, the local database is permanently removed. We cannot recover your data for you — that's the point of zero-knowledge architecture.

After the 14-day trial, sync and AI stop — existing emails remain readable on-device. Your data stays on your device untouched. Nothing is deleted or locked. You can buy at any time to reactivate: Base is $19.99 once (bring your own AI key), or subscribe to Pro ($3.99/mo) or Instant ($9.99/mo) for standalone access to everything. Annual subscribers get permanent Base access if they cancel later.

Ollama lets you run open-source AI models entirely on your own hardware. Install Ollama on your Mac or PC, pull a recommended model, and point Maexry to your local Ollama instance (a localhost URL in Settings). Every AI classification then runs on your machine — zero network calls, maximum sovereignty. The tradeoff: it requires a reasonably powerful computer with 8 GB+ RAM.

Maexry includes a built-in Model Context Protocol (MCP) server that lets AI assistants — Claude, OpenAI, Gemini, and any MCP-compatible agent — read and act on your email directly. It runs on localhost only, requires a Bearer token, and auto-starts after vault unlock. Your email never leaves your device to reach the MCP server; the server is local software, not a cloud service.

Claude Code, Claude Desktop, OpenAI Assistants, and Gemini CLI are all supported. Any agent or tool that speaks the MCP 2025-06-18 protocol over Streamable HTTP can connect. Maexry's Settings → Integrations → MCP Server provides pre-filled config snippets for each supported platform.

A connected assistant has access to 25 tools: fetching emails and threads, searching with filters, reading categories and action cards, drafting replies, archiving, deleting, labeling, moving messages, batch operations (up to 50 messages per call), listing and downloading attachments, and writing Sovereign Vault notes. Every tool call is subject to Maexry's PII redaction and per-account access controls.

Yes. The server binds exclusively to `127.0.0.1` — external hosts cannot reach it. Each session requires a Bearer token generated on-device. Tokens are revoked automatically when you lock your vault or quit Maexry. PII redaction runs on all content before it reaches your AI provider. No MCP traffic transits Maexry's servers.

Maexry encrypts all data at rest using AES-256-GCM via SQLCipher — the same standard used in banking and defense applications. But encryption alone is only half the story. What matters is the key architecture. A single 256-bit Master Seed, generated by a cryptographically secure random number generator, is the root of all encryption. From this seed, nine purpose-specific keys are derived using HKDF-SHA256 with unique context strings — one for the database, one for your API keys, one for OAuth tokens, one for settings sync, and so on. Each key is cryptographically independent: compromising one does not compromise the others. The Master Seed itself is never held in memory beyond the initial unlock — it is derived, used to produce all nine subkeys, and immediately zeroized. On macOS, the subkey memory is pinned in RAM (mlock) to prevent it from being swapped to disk.

Your Master Seed is encrypted by a P-256 asymmetric key generated inside your device's Secure Enclave (Apple Silicon) or StrongBox (Android). This hardware key is physically non-exportable — no software, including Maexry, can read it. The Secure Enclave performs encryption and decryption operations internally; the key material never enters main memory. To unlock your data, you authenticate with biometrics (Face ID, Touch ID) or your device passcode. The Secure Enclave decrypts the Master Seed, the app derives all nine subkeys, and the seed is immediately wiped from RAM. Operations that need the raw seed later (like exporting a backup) require a fresh biometric authentication each time.

No — and this is not a policy claim. It is an architectural guarantee. Your encryption keys exist only on devices you control. Maexry's servers store and relay encrypted blobs, but hold no key material. Even under a complete server compromise, an attacker would see only ciphertext indistinguishable from random noise. There is no "admin key," no escrow, no server-side decryption path. The Dark Blob backup is wrapped with a password only you know, using Argon2id with 64 MB of memory cost — brute-forcing it is computationally prohibitive. We designed the system so that "we cannot read your email" is a statement of mathematics, not trust.

You have two recovery paths, both designed so that Maexry never sees your keys: Password Recovery (Dark Blob): During setup, you create an encrypted backup of your Master Seed protected by a password you choose. This backup is stored on our server as a "Dark Blob" — encrypted with Argon2id (64 MB memory, 3 iterations, 4 parallel lanes). On a new device, you enter your password, the blob is decrypted locally, and a fresh Secure Enclave key re-wraps the seed on the new hardware. Without the correct password, the blob is useless. QR Key Exchange: If you still have another device, you can transfer the Master Seed directly. Device B generates an ephemeral key pair and displays the public key as a QR code. Device A scans it, computes a shared secret via ECDH, encrypts the seed, and sends it through a relay. Device B decrypts and stores it locally. The relay sees only encrypted data.

The key insight is deterministic key derivation. Every device that holds the same Master Seed derives the exact same nine subkeys — same seed plus same context string always produces the same key. This means Device A and Device B can independently encrypt and decrypt the same data without ever exchanging keys after the initial seed transfer. Synced data — settings, classification results, intelligence data — is encrypted on the sending device with the appropriate HKDF subkey, uploaded as an opaque blob, and decrypted on the receiving device with the locally-derived copy of the same key. The server is a relay, not a participant. It stores and forwards blobs it cannot read.

BYOK (Bring Your Own Key) means you connect your own API key from a supported provider — OpenAI, Anthropic, or Google — and Maexry uses it to classify and analyze your email. Your API key is encrypted at rest with a dedicated HKDF subkey and sent directly to the provider over TLS. It never passes through Maexry's servers. This matters for three reasons. First, privacy: your email content goes directly from your device to a provider you chose, under an agreement between you and them. Second, cost: you pay the provider's wholesale API rate (typically under $0.50/month for email classification) instead of a markup bundled into a subscription. Third, control: you can switch providers, use a local Ollama instance via the Bridge Engine, or disable cloud AI entirely.

Before any email content is sent to a cloud AI provider, the Sentry engine — running locally on your device via llama.cpp with Metal GPU acceleration — scrubs personally identifiable information. Names, credit card numbers, social security numbers, and other sensitive data are redacted on-device before the request leaves. Beyond redaction, Maexry's IntelligenceRouter enforces a hard privacy gate: tasks classified as PII-sensitive are architecturally blocked from routing to any remote engine. This is not a configuration setting that can be toggled off — it is a defense-in-depth check compiled into the routing logic. The router sets a requires_redaction flag for all remote-bound tasks, and the privacy gate rejects PII-sensitive tasks from remote engines entirely, even if a user attempts to override the routing preference.

Maexry is built by Maexry LLC, a US company based in Atlanta, Georgia. We believe trust starts with accountability — you should know exactly who is behind the software that handles your email. Maexry is a registered US entity, subject to US law, with an identifiable team and a physical presence. We chose to build Maexry's zero-knowledge architecture precisely because we believe the best way to earn trust is to remove the need for it: if we cannot access your data by design, the question of whether you should trust us becomes moot.