Skip to content
MyEverAddress
  • How it works
  • Features
  • AI intelligence
  • Security
  • Pricing
Try the free demo Get my address
  • How it works
  • Features
  • AI intelligence
  • Security
  • Pricing
  • Try the free demo
  • Get my address
← All policies Last updated Invalid Date

Draft — pending attorney review. This document is a working draft prepared for legal review and is not yet final. It may contain placeholders and is provided for transparency, not as a binding agreement in its current form.

Security Practices

What this means — plain-English summary, not legally binding; the full text below governs.

  • Your mail and documents are sensitive, and we build the service around protecting them.
  • We encrypt data, limit who on our team can see what, and keep a record of sensitive actions.
  • You control your account with strong sign-in options and can see your own activity.
  • We’re honest about what’s built today versus what’s planned — we don’t claim certifications we don’t hold.
  • If you find a security issue, tell us and we’ll act on it.

Our approach

MyEverAddress is designed around security best practices. Customers entrust us with mail that can include tax documents, legal notices, financial statements, and identity documents, so protecting that information is central to how we build. No service can promise perfect security, and we don’t claim to. Below we describe the controls we’ve implemented and the ones we’re planning, and we keep the two clearly separated.

Protecting your data

  • Encryption. Data is encrypted in transit and at rest using industry-standard algorithms.
  • Private document storage. Scanned documents and identity records are stored in private storage, not public buckets. Access to a file is granted through short-lived, signed links rather than permanent public URLs.
  • Data minimization. We collect and retain only what we need, and we apply retention limits (see the Privacy Policy).
  • Secure deletion. When information reaches the end of its retention period or you exercise a valid deletion right, we delete or de-identify it securely, subject to records we are legally required to keep.

Controlling access

  • Role-based access. Staff access is limited to the minimum a role requires. Mailroom, scanning, shipping, support, and compliance staff see only what their work needs.
  • No silent access to your account. Staff cannot silently sign in as you. Support actions that touch your account are recorded.
  • Audit trail. Sensitive actions — mail receipt, opening authorization, scan completion, forwarding, shredding, returns, identity review, administrative access, and security-sensitive changes — are recorded in an append-only audit log.
  • Administrative controls. Administrative access is restricted, and higher-risk actions require confirmation.

Your account security

  • Strong sign-in. We support passwordless sign-in and multi-factor authentication, with recovery options.
  • Session protection. Sessions use secure, HTTP-only cookies; you can review active sessions and device history and sign out remotely.
  • Alerts. We can notify you of unusual logins and important account changes.
  • Your visibility. You can see your own account activity.

Protecting mail intelligence

  • Authorized documents only. Automated content analysis runs only on documents you’ve authorized us to open, on a restricted pipeline. Document contents are not sent to an external processing provider except in a configuration consistent with your authorization and your chosen processing option. See the AI Feature Disclosure.
  • No sensitive data in analytics. We do not place mail contents, identity documents, or sensitive account data into analytics or advertising tools.

Physical mail handling

  • Segregation and chain of custody. Mail is handled in a controlled environment with physical segregation between customers, and sensitive handling steps are logged.
  • Least privilege on the floor. Only authorized staff handle mail, and accountable mail is tracked.

Application and infrastructure security

We apply standard web-application protections, including protections against common attacks, security headers, strict access controls checked on the server, rate limiting and abuse protection, validated file uploads, and separation between our public, customer, demo, and staff environments. We keep secrets out of source code and client bundles, and we work to keep sensitive information out of logs and error messages.

Incident response

We maintain an incident-response readiness posture. If a security incident affects your personal information, we will investigate, take corrective action, and notify affected users and authorities as applicable law requires. See the Privacy Policy.

Payments

Payments are handled by a third-party payment processor. We do not store full payment-card numbers on our own systems.

What is planned (not yet in place)

We distinguish controls that are implemented from those that are planned and from external validations we have not yet obtained. Planned items — which are not represented as existing today — may include additional independent third-party security assessments and an external certification roadmap. We will update this page as planned controls become implemented, and we will not claim a certification or validation we have not obtained.

Reporting a security issue

If you believe you’ve found a security vulnerability or a problem affecting the safety of customer data, please contact security@myeveraddress.com. We appreciate good-faith reports and aim to acknowledge and address valid issues promptly. (Formal vulnerability-disclosure and safe-harbor terms to be confirmed by counsel.)

Changes

We may update this page as our security program evolves. The “last updated” date above reflects the latest revision.

Questions about this policy? Contact us.

MyEverAddress

Your Permanent Address. Anywhere.

Product

  • How it works
  • Features
  • AI mail intelligence
  • Pricing
  • Free demo

Who it's for

  • Full-time RV living
  • Digital nomads
  • Truck drivers
  • Liveaboard boaters
  • Small business

Company

  • About
  • Security
  • Contact
  • Partnerships

Legal

  • Terms of service
  • Privacy policy
  • Mail handling agreement
  • Accessibility
  • All policies

© 2026 MyEverAddress. All rights reserved.

MyEverAddress is designed to operate as a Commercial Mail Receiving Agency (CMRA). Address acceptance for licenses, registrations, banking, and residency varies by institution and jurisdiction.