Security, access controls, and retention

Email often contains sensitive information. Plop is built around access controls, auditability, and minimal retention.

#Security principles

• Least-privilege access for accounts and API keys.
• Explicit mailbox permissions for teams.
• Clear audit trails for inbound messages and access.

#Retention controls

Retention is set by plan: Starter retains messages for 14 days, Pro retains messages for 90 days, and Enterprise retention is defined by agreement. Messages older than the retention window are deleted and no longer accessible through the API or app.

#What we do not do

• We do not read message content for ad targeting.
• We do not sell personal data.
• We do not expose your inbox data to third parties without consent.

If you need a specific compliance review, contact us and we will share our security posture and architecture details.