Security

Security at MoovMail

MoovMail is built with practical controls focused on protecting customer access, data handling, and administrative operations.

Last updated: May 13, 2026

Platform protections

We use authenticated APIs, role-aware administration, audit trails, and secure transport to reduce unauthorized access and support incident response.

Baseline browser security headers, dependency boundaries, and server-side validation help reduce common web application risks.

Operational safeguards

Access to production systems and sensitive workflows should be limited to authorized personnel with an operational need.

We review account recovery, password handling, and mailbox administration flows to reduce the risk of accidental exposure or misuse.

Customer responsibilities

Customers should enable strong passwords, control admin access, review audit activity, and keep DNS, billing, and recovery contacts accurate.

No client-side application can fully hide shipped code, so security also depends on secure configuration, least privilege, and server-side enforcement.

Reporting vulnerabilities

Please report suspected vulnerabilities responsibly and include reproduction details, affected routes, and impact when possible.

Security reports can be sent to support@moovmail.com.