Trust & Security

Primitive handles email on behalf of AI agents, so authentication, data isolation, and message integrity are core to the product. This page describes the security practices in place today. It documents how the system works — it is not a claim of any third-party certification.

Authentication & access

Every API request is authenticated with a bearer token — an API key prefixed prim_ or an OAuth access token prefixed prim_oat_. Tokens are scoped to a single organization. Primitive operates an OAuth 2.0 authorization server, and its authorization-server metadata (RFC 8414) and protected-resource metadata (RFC 9728) are published at the conventional .well-known locations so an agent can discover how to authenticate without manual setup.

Tenant isolation

Every request is scoped to the organization that owns the token, and data belonging to one organization is isolated from every other. An agent can only read and act on the mail, domains, and functions that belong to its own account.

Email authentication

Outbound mail is signed and authenticated with managed DKIM, SPF, DMARC, and TLS-RPT, on both managed *.primitive.email subdomains and connected custom domains. Domain authentication records are generated and verified through the API, so an agent inherits production-grade deliverability without configuring DNS by hand.

Message integrity

Webhook deliveries are signed with HMAC-SHA256 so a receiver can verify authenticity before acting on an inbound message. Mutating API requests accept an Idempotency-Key header, so a retried send is de-duplicated and never produces a duplicate message. All traffic is served over HTTPS/TLS.
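As an added illustration of the receiver-side check described above (example code, not Primitive's own library), this verifies an HMAC-SHA256 webhook signature over the raw request body and compares it in constant time; the header name, hex encoding and secret are assumptions for the example, not values taken from the API documentation.

```python
import hmac
import hashlib

# Constructed example values: not a real Primitive secret or payload.
WEBHOOK_SECRET = b"whsec_example_not_a_real_secret"
# Assumed header name for the example; check the API docs for the real one.
SIGNATURE_HEADER = "X-Primitive-Signature"


def sign_payload(secret: bytes, body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded (assumed encoding)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def _get_header(headers: dict, name: str):
    """Case-insensitive header lookup, since HTTP header names are not case-sensitive."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def verify_webhook(secret: bytes, headers: dict, body: bytes) -> bool:
    """Return True only if the presented signature matches the body's HMAC.

    Verify over the raw bytes exactly as received, before any JSON parsing or
    re-serialisation (which can change whitespace or key order), and compare in
    constant time so response timing does not reveal how many leading bytes of
    a forged signature were correct. Reject the request when the header is missing.
    """
    presented = _get_header(headers, SIGNATURE_HEADER)
    if not presented:
        return False
    expected = sign_payload(secret, body)
    return hmac.compare_digest(expected.encode(), presented.strip().lower().encode())


if __name__ == "__main__":
    body = b'{"event":"message.received","id":"msg_example"}'  # constructed
    headers = {SIGNATURE_HEADER: sign_payload(WEBHOOK_SECRET, body)}
    print(verify_webhook(WEBHOOK_SECRET, headers, body))         # True
    print(verify_webhook(WEBHOOK_SECRET, headers, body + b" "))  # False: body tampered
    print(verify_webhook(WEBHOOK_SECRET, {}, body))              # False: no signature
```

A receiver should only process the inbound message after this check returns True, and should hold the secret server-side rather than in the agent's prompt or tool output.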

Data retention

Inbound message contents are retained for thirty days unless attached to a function execution. See the privacy policy for how data is collected, used, and deleted.

Responsible disclosure

Security reports are welcome. Our security.txt lists the current security contact, or email contact@corp.primitive.dev. Please report suspected vulnerabilities privately before any public disclosure.