Email Api
Every Email, Encrypted and Accountable
Features
  • Encrypted Email Storage: Each email address is encrypted with a per-record key sourced from the Keys Api. A database breach exposes ciphertext, not addresses.
  • Hash-Based Lookups: All address lookups use a SHA-512 hash. The raw address never travels in query paths.
  • Transactional Email Delivery: Send templated emails through your configured provider. Currently Postmark; additional providers supported as demand requires.
  • Email Verification Workflow: Initiate and complete email address verification in two API calls. Token generation and delivery are handled by the platform.
  • Webhook-Driven Delivery Intelligence: Bounce and spam complaint events from your email provider are applied automatically. Flagged addresses are updated without manual intervention.
  • Email Status Tracking: Verified, bounced, abused, and banned states are tracked per address and surfaced in every lookup.
  • Full Lifecycle Operations: Create, Get, Exists, and Delete operations cover the complete management lifecycle of every email record.
  • Authorization-Enforced Access: Every request to the Email Api is validated by the Application Api. A service must be registered and authorized before it can create or send emails.
How It Compares
Beyond What Cloud Email Services Offer
More Than a Delivery Problem
Cloud email services solve delivery. The Email Api solves the complete problem: encrypted address storage, hash-based lookups, delivery, verification workflows, and bounce handling — in a self-hosted, sovereignty-preserving service that never exposes your users' addresses to a third party.
Capability
Email Api
US Cloud (AWS/Azure/GCP)
EU Cloud (OVH/Hetzner/Scaleway)
ABP Framework
Per-record address encryption
Hash-based lookups
Transactional email delivery
Email verification workflow
Bounce/complaint handling
Per-record delivery status
Partial
Partial
Database schema and migrations
Envelope encryption
Authorization enforcement
API keys / IAM
API keys / IAM
CLOUD Act exempt
✓¹
Air-gappable
No third-party data custody
¹ EU cloud providers (OVHcloud, Hetzner, Scaleway) are not subject to the US CLOUD Act. However, data remains on the provider's infrastructure — CLOUD Act exemption does not mean sole data custody.
Tech Sovereignty
Arch
Company
About Contact