Security & privacy

This section explains how MailDesk handles security, privacy, and access to your email data.

MailDesk is designed to keep you in control: your emails stay within your Odoo environment, and sensitive credentials are handled securely.


Security by design

MailDesk follows a few core security principles:

  • No password storage for Gmail and Outlook

  • Encrypted credentials for IMAP accounts

  • Revocable access at any time

  • Minimal data retention

You always know what is stored and why.


Authentication methods

MailDesk uses different authentication methods depending on the provider:

Gmail

  • OAuth 2.0

  • Gmail API

  • No password stored

Outlook / Microsoft 365

  • OAuth 2.0

  • Microsoft Graph API

  • No password stored

IMAP providers

  • Username + password or app password

  • Credentials stored encrypted in Odoo

OAuth-based connections are recommended whenever available.


What MailDesk stores

MailDesk typically stores:

  • Email metadata (sender, subject, date, folder)

  • Cached email bodies for faster reading

  • OAuth tokens or encrypted credentials

  • Folder and sync state information

Caching improves performance, and cached content expires automatically.


What MailDesk does NOT store

MailDesk does not:

  • Store Gmail or Outlook passwords

  • Permanently archive full email content without reason

  • Access emails without authorization

  • Share email data with third parties

Your email data remains inside your Odoo system.


Revoking access

You can revoke MailDesk's access at any time.

Gmail

  • Remove the mailbox account in MailDesk

  • Revoke access in Google Account → Security

Outlook / Microsoft 365

  • Remove the mailbox account in MailDesk

  • Revoke the app in Microsoft Entra / Azure AD

No password change is required.


Access control in Odoo

Security also depends on Odoo access rights.

Best practices:

  • Grant MailDesk access only to required users

  • Use Odoo groups and roles

  • Enable 2FA for Odoo users

  • Restrict admin access carefully


Production best practices

For production systems, we recommend:

  • HTTPS for all Odoo access

  • Limited admin users

  • Regular database backups

  • OAuth instead of passwords

  • Updated Odoo and server system


Frequently asked questions


Can MailDesk read all my emails?
Only emails in connected and authorized mailboxes are accessible.


Can I remove MailDesk completely?
Yes. Removing mailbox accounts and uninstalling MailDesk removes access.


Is my data shared externally?
No. MailDesk operates entirely inside your Odoo environment.



What's next?

→ Review Troubleshooting if you have issues
→ Return to Daily use to optimize your workflow
→ Contact your administrator for security-related questions


Tip:

Security works best when technical setup and user behavior go hand in hand.