Security FAQs

Your SaneBox Security Questions Answered!


HIPAA Compliance:


Q: Does SaneBox offer a Business Associate Agreement (BAA)?

A: Absolutely! We understand the importance of HIPAA compliance. You can find our BAA here: link to BAA.


Data Security:


Q: How does SaneBox protect user credentials from employee access?


A: We take data security very seriously. User credentials are secured with multiple layers of protection:

  • Isolated network with restricted internet access.
  • Bastion host access requires individual credentials.
  • Remote access only through secure VPN connections.
  • Production machines have separate, strong credentials.
  • Industry-standard encryption protects all credentials.
  • Encryption keys are secured in a separate system.
  • Only authorized senior engineers have access to critical credentials.


Q: How does SaneBox prevent accidental access to full email bodies (instead of just headers)?


A: We have robust controls:

  • All access and commands are logged and reviewed daily.
  • System changes undergo thorough review and testing by senior engineers.


Data Breach Response:


Q: What defines a data breach at SaneBox?


A: We have multiple safeguards:

  • Intrusion detection system alerts for unauthorized access attempts.
  • Secure credential store system provides an additional layer of protection.
  • A data breach would require overcoming both these barriers.


Q: How does SaneBox notify users of a data breach?


A: We prioritize user notification:

  • Any suspected breach triggers immediate investigation.
  • We confirm whether customer data was accessed.
  • All affected users are promptly notified.


Data Sharing:


Q: What data does SaneBox share with third parties?

A: We use some third-party services for monitoring and logging (with agreements):

  • We share limited information for service maintenance: email address, contacts’ email addresses, message subjects, and message dates.
  • We prioritize data minimization, sending only the information that is strictly necessary.


Email Content Access:


Q: Can SaneBox employees or systems access email content?


A: Technically, yes (due to limitations of the IMAP protocol). However, this access is strictly controlled:

  • SaneBox reads content only for specific features: SaneReminders, SaneAttachments, and some SaneSnooze functionalities.
  • With proper configuration, even content access for these features can be minimized.


Have more questions?

Contact our support team at support@sanebox.com or visit our Privacy page: link to Privacy page.


We’re committed to keeping your data safe!