MailDigest AI
CASA Tier 2 — Verified

Security & Trust

MailDigest AI has completed an independent Cloud Application Security Assessment (CASA) Tier 2, validating our application against the OWASP Application Security Verification Standard. Below is the public statement of validation.

Independently verified

The assessment was conducted by TAC Security, an independent third-party laboratory authorized by the App Defense Alliance to perform CASA security assessments. All 14 control categories were evaluated and passed.

Minimal access to your Gmail

Access to your mailbox is restricted to the strict minimum:

  • Read-only scope gmail.readonly — we can never send, delete or modify your emails
  • OAuth tokens encrypted at rest with AES-256-GCM, decrypted only at the moment of use
  • Email content processed in memory to build the digest and never permanently stored
  • Compliant with the Google API Services User Data Policy, including Limited Use requirements

For full details on how data is handled and our sub-processors, see the Privacy Policy.

What was tested

The assessment covers the OWASP ASVS control categories below. Every applicable category passed.

  • Architecture, Design & Threat Modeling: Pass
  • Authentication: Pass
  • Session Management: Pass
  • Access Control: Pass
  • Validation, Sanitization & Encoding: Pass
  • Stored Cryptography: Pass
  • Error Handling & Logging: Pass
  • Data Protection: Pass
  • Communications: Pass
  • Malicious Code: Pass
  • Business Logic: Pass
  • File & Resources: Pass
  • API & Web Service: Pass
  • Configuration: Pass

CASA is an independent third-party security assessment. It does not constitute a certification, endorsement, partnership or sponsorship by Google or the App Defense Alliance.