Security and Trust Compliance
For University IT Administrators, Security Teams, and any security-conscious users of the system
Email Cheat Code is a product operated by Cuff Technology Solutions, LLC. This document confirms the security posture of the service across the EmailCheatCode.com and WatchMyInbox.com domains.
1. Data Access & Minimization
| Area | Policy | Technical Implementation |
|---|---|---|
| Email Access | Strictly Read-Only Access (Gmail: gmail.readonly, Microsoft: Mail.Read). With these scopes, we are unable to send, delete, or modify any content in a user's inbox. | Confirmed via Google OAuth Scope. |
| Data Stored | Metadata/Summary ONLY. We store encrypted alert history (sender, subject, date/time, labels, importance flags, and AI-generated summaries). Our system uses Claude (by Anthropic) to create short alert summaries and may store multiple candidates per email to refine quality. The raw email body is never stored. | Data is stored in managed PostgreSQL via Supabase. |
| PII Handling | Redacted Before Storage. PII (SSNs, credit card numbers) is automatically detected and redacted from alert metadata before storage or transmission. | Implemented in our email processing pipeline. |
| Token Storage | Encrypted at Rest. OAuth access and refresh tokens are encrypted using a strong, verified key. | Supabase, Row-Level Security (RLS) enforced. |
We're Not Your Email Archive
Our purpose is to help you catch time-critical emails, not to replace or archive your inbox. We only store the minimal metadata and AI-generated summaries needed to show you alert history and provide context for action. Your email inbox remains your source of truth for all email content.
2. Security Posture & Compliance
- ✓ Application Security Scanning (CI/CD): Our development pipeline includes automated Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Software Bill of Materials (SBOM) generation.
- ✓ AI-Powered Processing: Email content is processed through AWS Lambda infrastructure using Claude (Anthropic) for intelligent alert classification. All processing follows strict data minimization principles: only alert-worthy emails generate stored summaries.
- ✓ CASA Verification Commitment: We are committed to completing the Cloud Application Security Assessment (CASA) Tier 2 audit to ensure full compliance.
- ✓ OWASP Compliance: Controls against the OWASP Top 10 are enforced, including rate limiting (A07) on all login endpoints and the use of security headers.
- ✓ Email Authentication: All outbound emails are authenticated with DMARC, SPF, and DKIM to ensure domain integrity and prevent phishing.
3. Contact Information
Legal Entity: Cuff Technology Solutions, LLC
Official Mailing Address:
23 Willow St
West Harwich, MA 02671
Email: contact@watchmyinbox.com
Phone: +1 978 267 0411