Security
InboxPilot uses server-side sessions, encrypted mailbox credential storage, production Stripe webhooks, SQLite integrity checks, and a daily database backup.
The safe default is read-only scanning. InboxPilot does not fetch or store raw email bodies for scans. Mark-read cleanup requires an approved rule and an explicit execute action.
Secrets are stored in production environment variables. The production database lives outside the deploy tree and is not committed to Git.