Security

How we protect your email, your data, and your privacy.

Encryption

All communication between your device and TekSpert Mail servers is encrypted using TLS 1.3, the latest version of the Transport Layer Security protocol. This ensures that your login credentials, email content, and attachments cannot be intercepted or read by third parties during transmission.

Email data stored on our servers is encrypted at rest using AES-256, the same encryption standard used by financial institutions and government agencies. Database backups are also encrypted and stored in geographically separate locations to protect against data loss.

Passwords are never stored in plain text. We use bcrypt with per-user salts to hash all passwords, making them computationally infeasible to reverse even in the event of a database breach.

Authentication and access control

TekSpert Mail uses secure session-based authentication with JSON Web Tokens (JWT). Sessions are time-limited and automatically expire after a period of inactivity, requiring the user to re-authenticate.

All authentication endpoints are rate-limited to prevent brute-force attacks. After a configurable number of failed login attempts, the account is temporarily locked to protect against credential stuffing.

Email account credentials are encrypted before being stored in the database and are never exposed through the API or user interface.

Infrastructure security

Our production servers run on hardened Linux systems with automatic security patching enabled. The application runs behind a reverse proxy with strict Content Security Policy (CSP) headers to prevent cross-site scripting (XSS) and other injection attacks.

Database access is restricted to the application server only and is not exposed to the public internet. All database connections use encrypted channels and require authentication.

We perform regular security audits of our codebase and infrastructure. Dependencies are monitored for known vulnerabilities and updated promptly when patches are available.

Spam and threat protection

TekSpert Mail includes built-in spam filtering that automatically identifies and separates junk mail from your inbox. Suspected spam is moved to a dedicated Spam folder where it can be reviewed and permanently deleted.

You can manually report emails as spam or mark false positives as “not spam” to improve filtering accuracy for your account. These actions are also reflected on the remote IMAP server, so changes persist across all connected clients.

Email attachments are validated on upload to prevent the distribution of potentially harmful file types. Inline HTML content in received emails is sanitised before rendering to protect against embedded scripts and tracking pixels.

Privacy and data handling

TekSpert Mail is fully compliant with the EU General Data Protection Regulation (GDPR). We process personal data only as necessary to provide the email service and do not share user data with third parties for any purpose.

We do not display advertisements in the application. We do not scan, analyse, or monetise the content of your emails. Our business model is based entirely on providing a quality email service — not on selling user data.

Users can request a full export of their data or permanent deletion of their account at any time by contacting support@tekspert.co.uk.

For full details, please read our Privacy Policy and Terms of Service.

Questions about our security practices?

Contact our team for more information about how we protect your data.
