Trust & Security

BrokerMail is designed for secure, permission-based email outreach. This page explains what we access, how we use OAuth permissions, and how organizations can contact us for security review and allowlisting.

Company Information

Information for IT and security teams

Product: BrokerMail

Website: https://app.brokermail.io

Support: support@brokermail.io

Security Contact: support@brokermail.io

Data Handling & Security

We use OAuth 2.0 to connect user mailboxes. Users explicitly authorize access.

Tokens are stored encrypted at rest and transmitted over TLS.

Users can disconnect provider access at any time from account settings.

We do not use connected account data for advertising or resale.

OAuth Scopes and Usage

Google

OAuth

Send user-initiated emails and link connected account identity.

gmail.send
userinfo.email

Microsoft 365

OAuth

Send user-initiated emails, read basic profile, and maintain connection.

Mail.Send
User.Read
offline_access

Allowlist / Domain Review Requests

For corporate security teams, please allowlist:

  • https://app.brokermail.io
  • https://app.brokermail.io/api/v1/gmail/callback
  • https://app.brokermail.io/api/v1/outlook/callback

If you need supporting documentation for vendor domain reclassification, contact support@brokermail.io.