Trust Center

Privacy is architecture, not policy.

We physically cannot read your emails. Here's the technical proof.

How RAM-Only Processing Works

Every scan follows this exact path. Nothing deviates from it.

01 Email Arrives

Gmail / Outlook delivers the email to your account via OAuth. Glance receives a notification, not the email itself.

02 Loaded into RAM

Metadata and a temporary pointer are loaded into memory only. A 5-second TTL is set. Nothing is written to disk.

03 AI Scans In-Memory

12 detection layers run against the in-memory data: heuristics, domain checks, link scanning, AI classification.

04 RAM Wiped

Scan completes. Memory is released. Only the threat score, timestamp, and sender domain are persisted — never content.

The Zero-Knowledge Guarantee

Three absolute statements. Not promises — architectural facts.

We cannot read your emails.

Email bodies are never fetched from Gmail or Outlook servers for storage. The OAuth scopes Glance requests are limited to metadata + labels. Content is accessed in-flight for scanning only, inside an isolated compute context with a 5s TTL.

We do not store email content.

Our database schema has no column for subject lines, body text, or attachments. Audit it yourself — our schema is open-sourced. The only scan artifact written to disk is a numeric threat score (0–100), a timestamp, and the sender domain.

Your data is never sold or shared.

Threat intelligence is aggregated at the domain level — never at the individual email level. We share no PII with third-party analytics services. All external API calls (VirusTotal, AbuseIPDB) send only URLs and domain hashes, never sender identities.

What We Can See

Transparency about what IS stored. No black boxes. We show you exactly what metadata we retain and why.

What Is Stored

  • Sender email address

    Required for threat detection and blocklist matching

  • Sender domain

    Required for domain age, reputation, and lookalike checks

  • Threat score

    Outcome of the scan — stored as a number, no content

  • Scan timestamp

    For audit trail and rate-limit enforcement

  • Aggregate scan counts

    Usage metering for your subscription tier

  • SPF / DKIM / DMARC result

    Authentication outcome (pass/fail) — not message content

What Is Never Stored

  • Email body or subject line
  • Email recipients beyond the sender
  • Attachment contents
  • Email metadata not listed above
  • Your contacts list
  • Sent emails

These restrictions are enforced at the schema level — there is no column to store this data even if the code attempted to.
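
One way to check the "no column" claim against a published schema, as an added example that is not Glance's code: the script loads DDL into an in-memory SQLite database and flags columns whose names suggest message content or whose declared types can hold arbitrary data. Both schemas, every table and column name, and the keyword list are constructed for illustration.

```python
import sqlite3

# Name fragments that would indicate stored content, derived from the
# "What Is Never Stored" list; the exact fragments are assumptions.
FORBIDDEN_NAMES = {"subject", "body", "attachment", "recipient", "contact"}
# Declared types able to hold arbitrary content whatever the column is called.
FREEFORM_TYPES = {"", "TEXT", "BLOB", "JSON", "JSONB", "BYTEA"}

# Constructed schemas for illustration; not Glance's published schema.
CLEAN_DDL = """
CREATE TABLE scans (
    id INTEGER PRIMARY KEY,
    sender_email VARCHAR(320) NOT NULL,
    sender_domain VARCHAR(253) NOT NULL,
    threat_score INTEGER NOT NULL CHECK (threat_score BETWEEN 0 AND 100),
    scanned_at TIMESTAMP NOT NULL,
    auth_result VARCHAR(4) NOT NULL CHECK (auth_result IN ('pass', 'fail'))
);
"""
# The same schema after two later changes that reintroduce content storage.
DRIFTED_DDL = CLEAN_DDL + """
ALTER TABLE scans ADD COLUMN subject_line VARCHAR(255);
CREATE TABLE debug_events (id INTEGER PRIMARY KEY, payload BLOB);
"""

def audit_schema(ddl):
    """Return sorted (table, column, reason) findings for a DDL script."""
    db = sqlite3.connect(":memory:")
    db.executescript(ddl)
    findings = []
    tables = [row[0] for row in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        # table_info rows are (cid, name, type, notnull, default, pk).
        for row in db.execute(f'PRAGMA table_info("{table}")'):
            col, ctype = row[1], row[2].upper()
            if any(word in col.lower() for word in FORBIDDEN_NAMES):
                findings.append((table, col, "content-bearing name"))
            elif ctype in FREEFORM_TYPES:
                findings.append((table, col, "free-form type"))
    db.close()
    return sorted(findings)

if __name__ == "__main__":
    for label, ddl in (("clean", CLEAN_DDL), ("drifted", DRIFTED_DDL)):
        print(label, audit_schema(ddl))
```

The type check matters because a column such as `payload` with a free-form type can hold message content even though no column is named for it, so a name-only audit would miss it.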

Compliance Timeline

Where we are and where we're going.

  • Zero-knowledge architecture implemented: Complete

    No email content ever written to disk or database

  • RAM-only AI processing: Complete

    5-second TTL; memory wiped immediately after scan

  • Encrypted OAuth token storage: Complete

    AES-256-GCM encrypted at rest, never logged

  • SOC 2 Type 2 audit: In Progress

    Audit in progress with third-party assessor

  • ISO 27001 certification: Planned

    Planned — Q4 2026

Security Contact

Found a vulnerability? We take all reports seriously. Our security team responds within 24 hours.

security@glance-co.com

Responsible Disclosure

We operate a responsible disclosure program. Researchers who report valid vulnerabilities in good faith will not face legal action.

Please allow 90 days for remediation before public disclosure. Include reproduction steps, impact assessment, and suggested fix if possible.
