SaneBox

Security and Privacy at SaneBox

We realize that email contains your most personal and private data, so we take the security and privacy of our users’ data extremely seriously.

By design, we limit the information that is held on our servers.  Your email never resides on our servers, except for the moment that we send your Sane RemindMe email back to you (and even then we try to measure in seconds the time that any one email is on our disks).

Also by design, SaneBox acts as a client so that if our service should be down for a minute or two (we shoot for 5 9’s of uptime), your email will continue to be delivered to your Inbox.  The only side effect of our being down would be that your unimportant email will linger in your Inbox, mocking you.

We approach security as 4 layers.  Each layer, while as impervious as we can make it, is backstopped by the other layers. 


Physical security

We colocate with CDW in hardened facilities in secure racks. CDW’s high-tech data centers deliver hosted applications, colocation and managed services. The data centers are housed in nondescript facilities and have extensive setback and military grade perimeter control as well as other natural boundary protection. 

Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems and other electronic means.

CDW’s facilities use high resolution cameras with video analytics and other systems to detect and track intruders. Additional security controls such as thermal imaging cameras, perimeter fences and biometrics may be used when necessary. 

Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All consultants and visitors are required to present identification and are signed in and continually escorted by authorized staff. CDW only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of CDW. All physical and electronic access to data centers by CDW employees is logged and audited routinely.

CDW’s clusters are architected with resiliency and redundancy in mind. This helps in minimizing single points of failure and the impact of common equipment failures and environmental risks. Dual circuits, switches, networks and other necessary devices are utilized to provide redundancy. To support CDW’s continuous and 24x7 operations, a primary and alternate power source with equal capacity is provided for every critical component. Air cooling maintains a constant operating temperature for servers and other computing hardware. Cooling prevents overheating and reduces the possibility of service outage.   

The application software and application database are backed up daily to ensure recoverability in the event of system failure. Backup files are stored securely on read-only media and secured such that access is limited to appropriate personnel only. Backup files never leave the data center.

Network Security 

The service and database machines do not accept any connections from the public internet. A user must establish a VPN connection to our private network. A VPN uses data encryption and other security mechanisms to prevent unauthorized users from accessing data.

The VPN connection is a temporary direct session, commonly referred to as tunneling.

The user is required to provide individual cryptographically strong SSH keys to gain access to a bastion host. The bastion host is a powerful server with improved security measures and custom software. It undergoes regular maintenance and audit. 

SSH is a ubiquitous protocol that provides authentication, encryption and data integrity to secure network communications. It offers encrypted connections for a variety of purposes, including logging into remote machines, transferring files, setting up encrypted tunnels and more. Bastion hosts are specifically built systems that are designed and configured to protect the management plane of the cloud.

Once connected to the bastion host, the user has to provide SSH keys to gain access to one of the service machines. All such access is logged and routinely audited. Finally, all data on the server is secured with bank-quality encryption.


Data Security

Your email is never resident on our servers. Our software cannot see the content of your emails, since the body of your emails will never touch our servers. Your email credentials / authentication information is bank-quality encrypted in the database. An industrial strength passcode must be entered to even start up the software. This means that someone could walk off with the entire database and the entire code base and still not get access to a single authentication credential. This master startup passcode is known to only a few trusted employees.

SaneBox identifies the important emails in your email inbox. The servers that calculate the importance of your emails and label them are unavailable for inbound connections from the public internet. The calculation of importance is done by an algorithmic engine. Only the engine, not people, looks at the headers of your emails and your social network connections. Our engineers work on the algorithmic engine, not the email.

Trusted Personnel 

SaneBox Inc. maintains a detailed internal security policy issued to all employees and reviewed frequently. The employees are required to conduct themselves in a manner consistent with the policy. We only hire people who come highly recommended and referred by our trusted contacts.  Prior to hire, we will verify an individual’s education and previous employment, and perform extensive reference checks. 

Employees are provided with security training as part of new hire orientation. SaneBox provides confidential reporting mechanisms to ensure that employees can anonymously report any ethics violation they may witness. Hence, it is only the most vetted subset of our trusted employees who can even access that final encryption key.


Conclusion

We take security and privacy of user data extremely seriously. In fact, it is the top priority in any business decision.  When faced with a choice to offer a valuable feature that would even marginally increase the security and privacy risk, it is our company policy to not move forward with that feature.  We spend time each month looking for ways to secure the system further.

Always remember that someone could look over your shoulder someday while you type your password.  Or someone could get you to click on a phishing email and get you to enter your credentials to a phishing site. 

So you should always be as careful as SaneBox!

    • #Sane News
  • 9 months ago

Using your “Digest of unread unimportant emails”

1. This is where you click to change the number of times you get the digest.

2. This is a link to a webpage to help you triage **all** your unimportant email at once.

3. If I want this bi-monthly payroll approval reminder to go in my INBOX, I would click here.

By default, all SaneBox users get a “Digest of unread unimportant emails” each afternoon. This digest is a summary of all the emails that SaneBox moved to your SaneLater folder, along with a summary of your trainings.

We created the digest to try to give users better habits around their unimportant email.  I have found that my beloved SaneBox users either completely ignore their SaneLater folder or they check it way too often.  We later added training info to the email because I wanted a convenient way for users to check on their most recent trainings.

Users that ignore their SaneLater folder have come to believe that putting emails off means you never have to deal with them. The healthier approach is to triage those emails: archiving most of them, promoting ones that are INBOX worthy, and dealing with the others as time permits. We will continue to empower the digest so that you will be able to do all these things quickly and easily. Currently you can only easily retrain emails (stay tuned for POWER digest features coming to your email client soon).

Users that check their SaneLater folder too often are simply afraid to let go. The digest is meant to be the security blanket that you need to do that. Concentrate on the important stuff or, better yet, get something important done that has nothing to do with your email. When the digest comes, check the unimportant stuff. Have the digest come more often if you are really anxious, but stop nervously checking your SaneLater folder!

Thanks everyone!

Stuart

    • #gtd
    • #inbox
    • #sanebox
    • #sanelater
    • #Sane News
  • 2 years ago

SaneBox - Better Priority Inbox for Everyone

For those that have been living under a rock…

SaneBox and Priority Inbox distinguish between important email and email that can wait.  

First, make no mistake, SaneBox is better than Priority Inbox.

Because SaneBox…

  1. Automatically files the unimportant stuff out of your INBOX so it doesn’t constantly distract you. 
  2. Requires no training to be effective.
  3. Is more accurate  
  4. Has great customer service
  5. Has 4-5 levels of importance
  6. Can defer an email for future processing
  7. Can Blackhole an email
  8. Can auto-file old emails
  9. Can monitor your SPAM folder for important stuff
  10. Can report on your email trends
  11. Can link to your social networks for increased accuracy

But, the general concept is the same.

Oh yeah, Google’s Priority Inbox is free and SaneBox costs actual money (about the price of a latte a month).

Oh wait… there is one more difference… Google’s Priority Inbox ONLY works with Google’s Gmail

and SaneBox now works with ANY EMAIL SERVER!

SaneBox now works with Gmail, Yahoo!, Mobile Me, AOL, MS Exchange, or any other service you can think of. Ummm… except Hotmail and Earthlink (don’t ask).

What’s your wasted time and email frustration worth each month?

We at SaneBox say enough to perpetual presidents, monarchies, and walled-garden email providers. Free your email. Free your spirit. Think of this as the first wave of an email revolution.

    • #Sane News
  • 2 years ago

This chart shows where I am in relationship to the current world of SaneBox. The yellow line is the total emails received by each user this week.  The green line is the total important emails received by each user this week. I am about 65% of the way up the base of the true power user email cliff. 

We will add to this chart in the future but for now it is meant to put your pain in perspective. So before I whine about how much email I get, I will consider the user at the peak who gets an average of 259 emails a day. They must be pretty happy to use SaneBox: 136 of those emails each day just aren’t that important and get automatically filed from their INBOX to their SaneLater folder. And they get a digest each day of the 136 so they can quickly and easily see if they want to override us and promote some of them to their INBOX after all.

    • #Sane News
  • 2 years ago

SaneArchive

Today we fielded a new optional folder called SaneArchive. This option keeps the total count of Sane folder emails to a maximum of 5000.  The 5001st oldest email will automatically be filed into the SaneArchive folder.

We’ve discovered that as we get better and better at separating the unimportant email into SaneLater, our users spend less and less time processing (filing, deleting) those emails. So the number in that folder simply grows and grows.

We have always labeled the most recent 5000 emails.  So when we see the 5001st email, we will unlabel the oldest one, put it back into the INBOX, to bring the total under our quota.

SaneArchive, when active, will act as a repository for these oldest emails.  So, instead of putting the old ones back in the INBOX, we will put them in SaneArchive.

We could simply “archive” them in Gmail, but then we would not be able to reverse the process if you should decide you hate the folder or our service. If you turn SaneArchive “off”, we simply return its emails to your INBOX. If you “cancel” the SaneBox service, we simply return all Sane folder emails, including the SaneArchive folder emails, back to your INBOX. In either case, your INBOX looks just like it did before you clicked.

If you want to force an old email to stay in your INBOX: simply “flag” or “star” it. 

    • #Sane News
  • 2 years ago