Security
Security at MoovMail
MoovMail is built with practical controls focused on protecting customer access, data handling, and administrative operations.
Last updated: May 13, 2026
Platform protections
We use authenticated APIs, role-aware administration, audit trails, and secure transport to reduce unauthorized access and support incident response.
Baseline browser security headers, dependency boundaries, and server-side validation help reduce common web application risks.
Operational safeguards
Access to production systems and sensitive workflows should be limited to authorized personnel with an operational need.
We review account recovery, password handling, and mailbox administration flows to reduce the risk of accidental exposure or misuse.
Customer responsibilities
Customers should enable strong passwords, control admin access, review audit activity, and keep DNS, billing, and recovery contacts accurate.
No client-side application can fully hide shipped code, so security also depends on secure configuration, least privilege, and server-side enforcement.
Reporting vulnerabilities
Please report suspected vulnerabilities responsibly and include reproduction details, affected routes, and impact when possible.
Security reports can be sent to support@moovmail.com.
