Server-side security
At Scribe, we understand that email is a critical communication channel, and we treat it with the level of security and privacy it deserves. Our server-side signature insertion feature has been designed to meet enterprise-grade security standards while ensuring seamless integration with your existing email flow.
Scribe is SOC 2 Type II compliant.
🔒 How it works — securely
When server-side insertion is enabled, your users’ outgoing emails are temporarily routed through Scribe’s secure mail relay. Here’s what happens:
The email is received by Scribe’s server over a secure, encrypted connection (TLS).
We inspect only the necessary parts of the message to determine whether a signature needs to be applied.
If needed, the signature is injected in-memory—we do not store or archive the email content.
The modified email is then returned to Google for final delivery, preserving native deliverability, SPF/DKIM alignment, and user trust.
✅ No data is stored
No message content is persisted: Emails are processed entirely in RAM and are never stored on disk.
No third-party sharing: Emails are never sent to any system outside of Scribe’s own secure infrastructure.
No access to inboxes: We only process outgoing messages; your users’ inboxes and message histories are untouched.
Last updated