Frequently Asked Questions
We believe in radical transparency about how we protect your privacy.
Can Xiftly read my emails?
Mathematically impossible. Your emails are stored only on your device, and AI classification runs through your own API keys — we never see your content. When syncing across devices, only encrypted blobs touch our servers — and we don't have the keys to decrypt them. Our zero-knowledge architecture means we cannot access your email content.
What if Xiftly gets hacked?
There's nothing to hack. We don't store your emails, API keys, or encryption keys. A breach of our servers would reveal... encrypted noise. Your master key is hardware-bound to your device's Secure Enclave, not stored on our servers.
What if I lose my device?
Your master key is hardware-bound to that specific device and cannot be extracted. For new devices, you'll re-enter your master password once to decrypt your sync seed and regenerate your keys. Your encrypted sync data remains safe — it's useless without your master password.
Can law enforcement access my data?
We cannot provide what we don't have. Your emails never touch our servers, so there's nothing to subpoena. Even if ordered to hand over data, we only have encrypted blobs that are mathematically impossible to decrypt without your master key.
How do I know this is true?
Our architecture is fully documented and auditable. The core Rust cryptography code will be open-sourced for independent security verification. We use industry-standard encryption (AES-256-GCM) with OWASP-recommended key derivation (Argon2id).
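The sync-seed handling that the answers above describe (master password, key derivation, AES-256-GCM), as an added example that is not Xiftly's own code: Argon2id is not in Go's standard library, so a stretched SHA-256 stands in for it, and the blob layout, context label and sample seed are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
)

// DarkBlob is all a sync server would hold: public salt and nonce plus the
// ciphertext with its 16-byte GCM tag. No field exposes the seed or the key.
type DarkBlob struct {
	Salt, Nonce, Data []byte
}

const seedContext = "sync-seed-v1" // bound as associated data; constructed label

// aeadFor turns the master password into an AES-256-GCM instance. The stretched
// SHA-256 stands in for Argon2id (absent from Go's standard library).
func aeadFor(password string, salt []byte) (cipher.AEAD, error) {
	key := sha256.Sum256(append([]byte(password), salt...))
	for i := 0; i < 100000; i++ {
		key = sha256.Sum256(append(key[:], salt...))
	}
	block, err := aes.NewCipher(key[:]) // a 32-byte key selects AES-256
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// WrapSeed encrypts the sync seed with a fresh salt and nonce; the blob is all
// that ever leaves the device.
func WrapSeed(password string, seed []byte) (DarkBlob, error) {
	r := make([]byte, 28) // 16-byte salt followed by a 12-byte nonce
	if _, err := rand.Read(r); err != nil { return DarkBlob{}, err }
	gcm, err := aeadFor(password, r[:16])
	if err != nil { return DarkBlob{}, err }
	return DarkBlob{r[:16], r[16:], gcm.Seal(nil, r[16:], seed, []byte(seedContext))}, nil
}

// UnwrapSeed recovers the seed on a new device. A wrong master password or a
// modified blob fails the GCM tag check and returns an error, never plaintext.
func UnwrapSeed(password string, b DarkBlob) ([]byte, error) {
	gcm, err := aeadFor(password, b.Salt)
	if err != nil { return nil, err }
	return gcm.Open(nil, b.Nonce, b.Data, []byte(seedContext))
}
```

A server holding only the DarkBlob fields cannot recover the seed, and a modified blob is rejected by the tag check rather than decrypted to garbage.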
Why is Xiftly so much cheaper?
We use a BYOK (Bring Your Own Key) model. You provide your own AI API key from Gemini, OpenAI, or Anthropic. You pay them directly based on actual usage — typically $0.50-$1.00/month. No expensive subscriptions, no middleman markup.
Does Xiftly process my emails in the cloud?
Classification runs through the AI provider you choose (your own API key or your own Ollama instance). Before any email data reaches that provider, the on-device Sentry engine scrubs PII. Storage, key management, and PII redaction are always on your device.
Can Xiftly employees read my emails?
No. There is no server-side code path that accesses email content. Encryption keys exist only in your device's Secure Enclave. We have no decryption capability.
What if your sync server is breached?
Attackers would find Dark Blobs (encrypted binary), device UUIDs, and sync timestamps. No email content, no subjects, no senders, no categories. The encryption keys are on your device, not our server.
Why do I need an API key?
Xiftly classifies your email into 8 categories using an LLM. You provide the LLM — either your own API key (BYOK) or your own Ollama instance (Bridge). This means you control the AI provider, the cost, and the data flow.
What is the Bridge Engine?
Bridge connects Xiftly to your local Ollama instance. Classification runs on your own hardware, on your own network. Zero cloud dependency. This is the option for users who want fully local intelligence.
How is this different from other email apps?
Most AI email apps send your email to their cloud, process it with their AI, and store it on their servers. Xiftly stores email on your device (encrypted), scrubs PII locally, and sends only redacted fragments to an AI provider you choose and pay directly. We never see your email content.
Still have questions? Contact us at hello@xiftly.ai