Who this is for
- Operations teams managing multiple identities across providers.
- Security teams requiring explicit data boundaries and auditability.
- Technical teams importing legacy archives without cloud lock-in.
Local-first email management for technical teams.
Encrypted vaults on your device. People-centric delegation without sharing passwords. Archive ingest for MBOX and PST. Explicit, auditable AI with per-action consent.
No credit card required. Self-hosted evaluation available.
Inbox — J. Doe
Sarah Mori
Re: Q3 compliance audit
14:32
Alex Kim
Archive migration complete
13:07
Ren Liu
Vault encryption keys rotated
11:45
GitHub
[twinmail] PR #847 merged
09:18
Sarah MoriFeb 25, 2026 14:32 UTC
Re: Q3 compliance audit
ReplySummarizeHandoff
Supported providers and archive formats
GmailOAuth
OutlookOAuth
iCloudApp password
YahooOAuth
ProtonBridge
IMAPGeneric
MBOXLocal ingest
PST/OSTLocal ingest
Who this is not for
- Teams requiring automatic cloud AI processing on all messages.
- Organizations needing a fully managed hosted mailbox platform.
- Workflows that depend on shared passwords instead of role delegation.
Deployment model
Local first: Message content and indexes remain on-device.
Sync optional: Multi-device sync is encrypted and opt-in.
Cloud AI explicit: Off-device processing requires per-action consent.
Capabilities
Built for operators who read the documentation
Delegation, encryption, and AI tooling with explicit boundaries — not hidden behind abstractions.
People-centric delegation
Assign accounts to people, not the other way around. Define permission tiers — Owner, Full, Triage, Read — without sharing credentials.
Archive ingest
Import MBOX, PST, OST, and EML archives. Deterministic progress UI with checkpoint recovery. Indexes run locally against encrypted vaults.
Explicit AI tools
Summarize threads, extract entities, draft replies. Every AI action shows a consent sheet with the exact payload before cloud transmission.
Intent-based search
Navigate by person, account, or natural-language intent. Local indexing means your queries never leave the device unless you choose to escalate.
Vault encryption
Each data boundary is a locally encrypted vault with per-vault key derivation. Cloud sync, when enabled, is zero-knowledge by default.
Handoff plans
Generate explicit action plans with context, next steps, and audit trail. Transfer responsibility between operators with full provenance.
How it works
From connection to action in three steps
Each step produces an explicit output. Constraints and failure modes are documented, not hidden.
1
Connect
Add live accounts via OAuth or application-specific passwords. Import archive files (MBOX, PST, EML) directly from disk.
2
Organize
Assign accounts to people. Define delegation roles — Owner, Full, Triage, or Read — to control access without sharing passwords.
3
Operate
Summarize threads, draft replies, create handoff plans. Every AI action shows a consent sheet with the exact payload before transmission.
Trust architecture
Your email stays on your device
Zero-knowledge encryption, per-vault key isolation, and explicit consent for every cloud-bound action.
Local-first architecture
Message content and search indices live on your device. Cloud synchronization is an encrypted transport layer, never a source of truth. No server-side decryption capability exists.
Per-vault encryption
Each Person or Account boundary maps to an encrypted SQLite vault with independent key derivation. Compromise of one vault does not expose another.
Per-action consent model
Cloud AI features require explicit opt-in per action. A consent sheet displays the exact payload, destination, and data handling policy before any data leaves the device.
Technical Preview
Evaluate TwinMail for your team
Request early access to test local-first email management with your existing infrastructure. No lock-in. Cancel anytime.
Request technical preview
Early access includes unlimited accounts, AI tooling, and priority support throughout the evaluation period. Qualified teams receive access within 48 hours.