Security
InboxPilot uses server-side sessions, encrypted mailbox credential storage, and an audit log for important account, mailbox, scan, rule, and cleanup events.
The safe default is read-only scanning. Mark-read cleanup requires an approved rule and an explicit execute action.
Secrets are stored in production environment variables and Docker volume data is not committed to Git.