uff

Security

Last updated: July 2026

Infrastructure providers

Every layer of uff.email is built on infrastructure we trust. Here's the full stack:

Cloudflare
DNS, DDoS protection, and edge routing. All email delivery and domain resolution flows through Cloudflare's network.
OVH
European VPS hosting. Powers both the Mailu email server and agent containers. Each agent instance runs in its own isolated environment with no cross-talk between users. No shared memory, no shared disk.
OpenRouter
LLM API provider. We exclusively use models with full data retention policies — no zero-retention endpoints that could expose data to ambiguous logging practices.

Isolation

Agent instances on OVH are fully isolated. Each user gets their own container with dedicated storage and memory. There is no shared state, no shared database, and no path for data to leak between instances. Think of it as a single-tenant architecture — every agent is a silo.

We don't look at your data

As a service provider, we do not read, analyze, monitor, or access the contents of user agent instances. Not for debugging, not for training, not for "product improvement." Your agent's memory, prompts, and email contents are yours alone.

Admin capabilities

As the service operator, we are strictly limited to infrastructure-level actions. We can:

We cannot read your prompts, browse your agent's memory, access your emails, or view any user-level data. The agent runs on your behalf, and the boundary is hardware-level.

Encryption

All email transport uses enforced TLS via Mailu. Agent storage on OVH is encrypted at rest. API calls to OpenRouter are transmitted over HTTPS.

Report an issue

If you find a security vulnerability or have concerns, contact us at support@uff.email.