Last updated: July 2025
This threat model outlines what [@fuck.it] protects you from - and what we don’t. We believe in honesty, not false promises.
On supported plans, we offer optional end-to-end encryption via OX Guard, covering emails, attachments and cloud storage. Users can activate and manage encryption settings as needed. Outside of that, data is still encrypted in transit (TLS) and at rest, with no access by unauthorized personnel.
That said, end-to-end encryption is not enabled by default and must be actively used for each message. Without it, your data is encrypted in transit and at rest, but remains accessible to authorized staff if legally required. If privacy is paramount, we strongly encourage the use of OX Guard or compatible third-party tools in your local environment.
Note: As the underlying platform, OX may retain temporarily recoverable message states for disaster recovery or undelete functionality. While deleted messages are generally removed, edge cases exist where partial recovery is technically possible within short timeframes.
We comply with valid legal requests. If we’re allowed, we’ll notify you. We do not build backdoors or offer mass access to anyone.
We work with a hosting company and payment provider. These services only have the data needed to do their jobs. We vet their security but can’t guarantee perfection.
We use Open-Xchange (OX) as our core infrastructure provider. They are GDPR-compliant, ISO-certified and operate under strict access controls. For more, see our Privacy Policy.
Security isn’t a product - it’s a posture. We do our part. You do yours. Together, it works.
No bullshit.
No guarantees.
Just good security sense.