Authorize each opening
No piece is opened or scanned until you request it. There are no default openings.
Security & privacy
You're trusting us with tax documents, legal notices, medical statements, and personal letters. We designed the whole service around that responsibility — trustworthy before anything else.
You decide what is opened, scanned, forwarded, stored, shredded, or returned. Nothing sensitive happens without your authorization.
Layered protection
Mail is handled in a controlled facility with segregation between customers, defined procedures, and chain-of-custody tracking from arrival onward.
Every customer is verified before an address is active — protecting you from someone else claiming your mail, and keeping the service legitimate.
Staff can see and do only what their role requires. There is no blanket admin access, and internal actions are recorded.
Your documents and images are encrypted in transit and at rest, stored in private storage behind access controls.
Sensitive actions are written to an append-only history — who did what, and when — that you can review for your own account.
The final control is you. Opening, scanning, forwarding, and shredding all wait for your instruction.
What you control
No piece is opened or scanned until you request it. There are no default openings.
A timestamped history of everything that happened to your mail is yours to review any time.
Shredding requires your authorization, warns that it can't be undone, and can include a waiting period on eligible plans.
Request an export of your data or its deletion, and manage who in your household or business can see what.
Account security
Sign in with a one-time email code, and add multi-factor authentication with recovery codes for stronger protection.
See active sessions and device history, and sign out sessions you don't recognize.
Get notified of unusual logins and account changes, so you notice anything out of place.
Unusual access patterns are monitored to help catch problems early.
How your data is handled
We collect what the service needs and avoid what it doesn't. Sensitive fields are kept out of error logs.
Automated reading runs only on mail you've authorized, within a controlled pipeline, under a provider privacy configuration you can be told about.
We don't put your document contents or personal mail into analytics. Usage measurement never captures sensitive content.
Data is kept according to clear retention rules and deleted securely when its time is up or when you ask.
What we do — and don't — claim
Plenty of services borrow trust with impressive-sounding badges. We'd rather tell you exactly where we stand.
Our controls follow recognized security practices, and we're transparent about what's implemented today versus planned.
We do not claim SOC 2, HIPAA, or PCI compliance. Independent certifications are on our roadmap, and we'll say so plainly when any are achieved — not before.
We don't describe our security with phrases like bank-grade or military-grade. We describe what we actually do: encryption, access controls, audit trails, and customer authorization.
MyEverAddress operates as a Commercial Mail Receiving Agency; USPS CMRA registration is in progress. We do not claim USPS approval or any government endorsement.
This section intentionally names common certifications only to be clear about what we have not obtained.
Found something?
If you believe you've found a security or privacy issue, we want to hear from you. Reach our security contact through the contact page and we'll respond as quickly as we're able.
See how much control you actually have — open the demo and watch it ask before it does anything sensitive.