Sign in Connect your Inbox
Privacy
Sign in Connect your Inbox

Security built into the workflow

Protection belongs inside the product, not bolted on after.

Clutterstrike is built with security-first engineering practices: encrypted credentials, explicit approval gates, layered threat screening, and auditable activity trails.

Current controls

What's actually in place today.

Specific safeguards we operate today — not certification language we haven't earned. If a control isn't on this page, we don't claim it.

Encrypted credentials

Connected account credentials are encrypted at rest and protected separately from ordinary application session handling.

Approval required

AI drafting does not mean autonomous execution. Sends, edits, and other sensitive actions pause for human approval.

Threat screening

Inbound messages are screened before they become another thing the user has to reason about in the inbox.

Auditable activity

Agent actions, approvals, and important workflow changes are visible in activity history instead of disappearing behind automation.

AI Guard flow

7-phase protection.

Every email passes through the AI Guard pipeline before you ever see it. CSS-hidden text, invisible font exploits, and prompt injection attempts are stripped at the sanitization boundary, so the AI never sees raw hostile content.

1.

MIME Parsing

Dissect headers, body, and attachments.

2.

Header Forensics

Check SPF, DKIM, and Reply-To mismatch signals.

3.

Sender Reputation

Score domain age, homoglyph risk, and freemail patterns.

4.

Threat Scoring

Combine weighted signals into a composite risk score.

5.

Prompt Injection Detection

Strip hidden instructions targeting AI before model access.

6.

AI Explainer

Generate plain-language threat analysis for human review.

7.

Sanitized Evidence

Return clean, AI-safe output with the boundary intact.

AI Guard is a defense-in-depth layer — not a guarantee

AI Guard is designed to catch the vast majority of phishing, scam, malicious-link, and prompt-injection attempts before they reach you. No automated threat-screening system catches every threat. AI Guard occasionally misses malicious mail and occasionally flags legitimate mail.

Treat it as one of several defenses — alongside your provider's spam controls, your own judgment, and any organization-level security tooling — not as a replacement for them. We do not warrant that AI Guard (or any AI-powered feature) will detect every fraudulent or unwanted message. See Terms § 6 for the full disclaimer.

Data handling

What we store, what we use it for, and what you control.

Three plain answers: what stays in the product, what powers the workflow, and what you can disconnect or delete on your own.

What we store

The product stores the information it needs to deliver the workflow: connected account metadata, recent message context, encrypted credentials, and the activity needed to support approvals and history.

What we use it for

Clutterstrike uses that data to organize conversations, power drafting and summarization, screen risky content, and keep tasks and follow-up tied back to source context.

What you control

Users can disconnect providers, control account connections, and manage what workflows they want active instead of being locked into opaque automation defaults.

Report an issue

Found a security problem? Tell us directly.

If you find a vulnerability or something that feels unsafe, contact the team at security@clutterstrike.com and include enough detail for us to reproduce and respond.

Email security@clutterstrike.com Read privacy policy