How most email tools work
When you sign up for SaneBox, Unroll.me, Google's own category tabs, or most "smart inbox" tools, they ask you to grant OAuth access to your email account. OAuth is a standard that lets a third-party app act on your behalf inside your inbox — reading messages, moving them, marking them, sometimes sending on your behalf.
The OAuth screen typically says something like: "This app wants to read, compose, send, and permanently delete all your email."
Most people click through because the alternative is not using the tool. But they are granting broad access to everything in their inbox — personal notes, medical records, financial statements, relationship conversations, work confidences — not just the messages they want help with.
How Stackora works instead
Stackora never asks for OAuth access to your inbox. It never connects to Gmail, Outlook, iCloud, or any other email provider on your behalf.
Instead, Stackora gives you a unique address (like u_<token>@mail2.stackora.ai). Mail arrives at that address only when you send it there — by forwarding manually, setting up an inbox rule, or using an auto-forward filter. Nothing else reaches Stackora.
This is a deliberate architectural decision. The consequence is that Stackora only knows about mail you consciously route to it. It cannot see your whole inbox, cannot train on your entire email history, and cannot infer things about your life from messages you never intended to share.
What Stackora can and cannot see
| Stackora | OAuth-based tools | |
|---|---|---|
| Mail you forward | ✓ | ✓ |
| Mail you did not forward | ✗ | ✓ |
| Your full email history | ✗ | ✓ |
| Who you email most often | ✗ | ✓ |
| Your sent mail | ✗ | Usually ✓ |
| Access without your action | ✗ | ✓ |
Why this matters beyond privacy
There is a practical benefit that goes beyond data protection: you become more intentional about what gets processed.
When a tool has access to everything, it has to make decisions about what matters. Those decisions are opaque and trained on aggregated behavior across millions of users — not your specific context. When you control forwarding, you are making those decisions yourself. Stackora's AI then works on the slice of mail you have decided is worth processing, which means the summaries and extractions are more relevant by design.
The forwarding trust question
A reasonable question: if Stackora never connects to my inbox provider, how do I know my forwarding address is secure?
A few things protect it:
- Address uniqueness: Your forwarding address is a randomly generated token, not predictable from your name or account.
- Rotation: You can generate a new forwarding address from the Dashboard at any time. When you rotate, the old address stops accepting mail immediately. Useful if you have shared the address somewhere you should not have.
- No guessing surface: Because Stackora does not have inbox access, even if someone found your forwarding address, they could only send mail to Stackora — not read anything already there.
The trade-off
Forward-only means you cannot automatically capture every email you have ever received. If you want Stackora to surface a message, you need to route it there. That is a real limitation compared to tools that scan your whole history.
But the trade-off is intentional. The goal is not to give Stackora maximum access — it is to give you a more deliberate, less surveilled relationship with your own email. You forward what you want summarized. Everything else stays where it is, visible only to you.
That is the model, and it is not going to change.