Set up all your email accounts once. Stax Inbox syncs your encrypted configuration to every device automatically — no more entering the same credentials 50 times.
Built for people who manage multiple email accounts across multiple providers and are tired of the setup tax.
Your email passwords are encrypted on your device before they ever reach our servers. We use AES-256-GCM with a key derived from your master password. We can never see your credentials.
Add an account on your phone. Open the app on your Mac. It's already there. Encrypted config syncs automatically across iOS, Android, macOS, Windows, and web.
Works with Gmail, Outlook, Fastmail, MXRoute, Migadu, Yahoo, or any IMAP/SMTP server. If it speaks email standards, Stax Inbox supports it.
Your emails travel directly between the app and your mail provider. Stax Inbox's servers never see your email content — only your encrypted account configuration.
iOS, Android, macOS, Windows, and web — one codebase, one experience, everywhere. Your setup follows you regardless of what device you're on.
A single master login unlocks all your accounts on every device. Change your master password and everything re-encrypts automatically. No recovery key needed.
Our encryption model is documented publicly. Security comes from the math, not from keeping the method secret.
Your master password never leaves your device as a key. Here is exactly what happens:
You create a master account. We store a bcrypt hash of your master password for login authentication. The plaintext never persists.
Your device derives an encryption key. Using Argon2/PBKDF2 (a slow, salted key derivation function), your device generates a 256-bit AES key from your master password. This key never leaves your device.
Email passwords are encrypted locally. Before any credential is sent to our servers, it is encrypted with AES-256-GCM using your device-local key. We receive only the encrypted blob.
Other devices decrypt locally. A new device logs in, downloads your encrypted blobs, and derives the same key from your master password. Decryption happens entirely on-device.
Same password → same key, everywhere. Argon2/PBKDF2 is deterministic: same password + same salt = same 256-bit key on any device. No key transmission required.
| Field | Encrypted? |
|---|---|
| Email address | Plain |
| Display name / label | Plain |
| IMAP host, port, security | Plain |
| SMTP host, port, security | Plain |
| IMAP username | Plain |
| IMAP password | AES-256-GCM |
| SMTP password | AES-256-GCM |
| OAuth refresh token | AES-256-GCM |
Three steps to never configure email accounts again.
One email and master password. This is your single login for all devices.
Enter each email account's credentials once. They're encrypted on your device and synced to our servers.
Sign in with your master password on any new device. All your accounts appear — already configured.
Stax Inbox is currently in development. Leave your email and we'll notify you when it launches.