Security - VelisMail

Security Overview

VelisMail uses custom-built encryption algorithms to ensure your messages remain private. Unlike other services, we don't rely on third-party libraries - every cryptographic function is implemented from scratch for complete transparency.

End-to-End Encryption

Messages encrypted on your device before transmission

Zero Knowledge

We cannot read your messages even if compelled

Custom Algorithms

100% proprietary implementation, no black boxes

Encryption Algorithms

Our encryption stack is designed for maximum security:

Algorithm	Purpose	Key Size	Status
AES-256-CBC	Message encryption	256 bits	Active
RSA	Key exchange	2048+ bits	Active
SHA-256	Hashing	256 bits	Active
HMAC-SHA256	Message integrity	256 bits	Active
PBKDF2	Password key derivation	100,000 iterations	Active

Infrastructure Security

✅ HTTPS Only - All connections encrypted with TLS 1.3
✅ HSTS Enabled - Strict Transport Security with preload
✅ CSP Headers - Content Security Policy prevents XSS attacks
✅ Rate Limiting - Brute force protection on all endpoints
✅ Session Tokens - Secure, random 256-bit session identifiers
✅ No Tracking - No analytics, no third-party scripts

Vulnerability Reporting

Found a security vulnerability? We appreciate responsible disclosure.

Email: security@velismail.com

Please include:

Description of the vulnerability
Steps to reproduce
Potential impact
Your contact information

We commit to responding within 48 hours and will work with you to resolve issues quickly.