Here at Shortwave we understand your email can contain a lot of important and potentially sensitive information. It's not something we take lightly. Our team is passionate about security and privacy, and will do everything we can to be transparent with how your data is handled.

Steps we take

Google verification

Shortwave has gone through extra measures to follow Google's verification process.

Yearly third-party security assessment

One of the additional requirements Shortwave takes to meet Google's conditions for specific scopes is doing an annual security audit. This means Shortwave has been thoroughly assessed by a Google-designated third-party security auditor. The security audit makes sure your data is safe by verifying that:

  1. Shortwave is capable of handling data securely
  2. Shortwave is capable of deleting user data upon user request

If you ever want us to delete your account and all associated data, you can do so from settings at any time.

Encrypted at rest & in transit

All data that Shortwave stores is AES256 encrypted at rest. We also TLS encrypt all network traffic between our application and servers, as well as within our internal networks.

Common questions

Are my emails stored on Shortwave servers?

Yes. Shortwave syncs your mail to our servers so we can provide many of our features — such as threading, real-time email & collaboration, and more.

Does Shortwave block tracking pixels?

Yes. We automatically detect and remove the majority of tracking pixels from emails. We also proxy all images through our servers as to not leak your IP or browser info.

How does Shortwave use my data for its AI features?

We use the OpenAI API to enable AI features in Shortwave. When you interact with these features, we share your email content with OpenAI, but only to provide you with the requested feature. Your data is not used to train OpenAI's model or any other machine learning models.

For a deeper understanding of how your data is handled, refer to OpenAI's Privacy Policy and Terms of Service.

Why should I trust Shortwave with my emails?

Our engineering team is made up of ex-Google / ex-Firebase engineers with lots of experience building high security, high reliability data systems at Google. Our founding team worked tirelessly at Firebase to get people to trust us as their app's database. We know we have to work similarly hard here at Shortwave to get you to trust us with your email. We've done this before, and we are confident we can do it again. If you have any specific questions or concerns, feel free to email