Email Vault — How It Works

YourIQAI • Golden Portal • Private Local Email Archive
Your email is your most complete record of your life.
Tax notices. Medical results. Legal notices. Business deals. Family history.
The YourIQAI Email Vault stores it all locally — encrypted, searchable, and yours.
No server sees it. No cloud holds it. No subscription revokes it.

How to Connect Your Email

1. Choose Your Email Provider
YourIQAI works with Gmail, Outlook, Yahoo, and any standard IMAP server including cPanel, Plesk, and self-hosted mail. You connect using an App Password — a special read-only credential, not your main login.
2. Generate an App Password
Gmail: Settings → Security → 2-Step Verification → App Passwords. Select "Mail" and your device.
Outlook: account.microsoft.com → Security → Advanced security → App passwords.
Yahoo: Account Security → Generate app password.
Custom IMAP: Use your regular IMAP credentials or server app password.

App passwords work exactly like regular passwords for IMAP but can be revoked without changing your main password.
3. Add Account in the Email Account Manager
Open email-account-manager.html and enter your label, email, IMAP host, port, and app password. Click Save Account. Your password is never shown again after saving. It is flagged for Windows DPAPI encryption — finalized when you run secure_mail_config.ps1.
4. Apply DPAPI Encryption (One-Time Setup)
In PowerShell, run:
cd C:\Users\bret\YourIQAI\MAIL_PIPELINE
.\secure_mail_config.ps1 -Action List — see your accounts
.\secure_mail_config.ps1 -Action Test -AccountLabel "Gmail Primary" — verify connection

Your password is encrypted with Windows DPAPI (CurrentUser scope). It can only be decrypted on this machine, by this Windows user.
5. Run the Email Pipeline
Run the sync to fetch and index your emails:
cd C:\Users\bret\YourIQAI\MAIL_PIPELINE
.\email_pipeline.ps1 — sync all enabled accounts
.\email_pipeline.ps1 -AccountLabel "Gmail Primary" — sync one account
.\email_pipeline.ps1 -DemoMode — run with 10 sample emails

The pipeline fetches email headers in batches of 500. It saves a checkpoint after each batch — if interrupted, it resumes from where it stopped. Email bodies are AES-256 encrypted before writing to disk.
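The DPAPI step above, as an added example that is not part of the YourIQAI scripts: it protects an app password in CurrentUser scope the way the page describes, stores the resulting blob in a constructed config file under $env:TEMP, and then checks three things a practitioner would want to see: that the plaintext never reaches disk, that the same user on the same machine can recover it, and that a modified blob is rejected. The entropy string, file name and account values are constructed for this example.

```powershell
# Added example (not YourIQAI code): DPAPI protection of an app password in
# CurrentUser scope. Entropy value, file name and account values are constructed.
Add-Type -AssemblyName System.Security

$ExampleEntropy = [Text.Encoding]::UTF8.GetBytes('YourIQAI-example-entropy')  # constructed

function Protect-AppPassword {
    param([Parameter(Mandatory)][string]$PlainText)
    $bytes = [Text.Encoding]::UTF8.GetBytes($PlainText)
    $blob  = [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $ExampleEntropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    # Zero the plaintext buffer once the protected blob exists
    [Array]::Clear($bytes, 0, $bytes.Length)
    return [Convert]::ToBase64String($blob)
}

function Unprotect-AppPassword {
    param([Parameter(Mandatory)][string]$Base64Blob)
    $blob  = [Convert]::FromBase64String($Base64Blob)
    $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
        $blob, $ExampleEntropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    return [Text.Encoding]::UTF8.GetString($bytes)
}

# --- demo with a constructed account record ---
$configPath  = Join-Path $env:TEMP 'mail_config.example.json'
$appPassword = 'abcd efgh ijkl mnop'   # constructed sample, not a real credential
$account = [ordered]@{
    Label        = 'Gmail Primary'       # label used in the page's examples
    Email        = 'user@example.com'    # constructed
    ImapHost     = 'imap.gmail.com'
    Port         = 993
    PasswordBlob = Protect-AppPassword -PlainText $appPassword
    Protected    = $true
}
$account | ConvertTo-Json | Set-Content -Path $configPath -Encoding UTF8

# Check 1: what is on disk is a DPAPI blob, not the app password
$onDisk = Get-Content -Path $configPath -Raw
if ($onDisk -match 'abcd efgh') { throw 'plaintext leaked to disk' }

# Check 2: the same user on the same machine can recover it at sync time
$loaded    = Get-Content -Path $configPath -Raw | ConvertFrom-Json
$recovered = Unprotect-AppPassword -Base64Blob $loaded.PasswordBlob
Write-Host "Round-trip OK: $($recovered -eq $appPassword)"

# Check 3: a modified blob is rejected (DPAPI blobs carry an integrity check)
$tampered = [Convert]::FromBase64String($loaded.PasswordBlob)
$last = $tampered.Length - 1
$tampered[$last] = $tampered[$last] -bxor 0xFF
try {
    Unprotect-AppPassword -Base64Blob ([Convert]::ToBase64String($tampered)) | Out-Null
    Write-Host 'Unexpected: tampered blob decrypted'
} catch {
    Write-Host "Tampered blob rejected: $($_.Exception.GetBaseException().GetType().Name)"
}
```

Run it in a PowerShell session on Windows as the user who will run the sync. The blob cannot be decrypted from another Windows account or another machine, which is the property the page relies on; it is also the reason a config file restored from backup onto a different machine needs the app password entered again.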

Thunderbird Bridge — 100,000+ Email Archives

What is the Thunderbird Bridge?
Mozilla Thunderbird is a free, open-source email client that can download and store your entire inbox locally — including archives of 100,000 or more emails. YourIQAI reads from your local Thunderbird cache only. No credentials are collected. No emails are transmitted. The original mbox files are never modified.
How to Set Up the Bridge
1. Install Thunderbird free from thunderbird.net
2. Add your email account in Thunderbird and let it sync
3. Run: SCRIPTS\install_thunderbird_portal.ps1
4. Run: MAIL_PIPELINE\thunderbird_bridge.ps1
5. Use the -Import flag to import messages into the vault

The bridge scans mbox files in your Thunderbird profile directory and encrypts each message reference into the Golden Portal vault.
Large Archive Support
The bridge processes emails in batches of 500, saving a checkpoint after each batch. If you interrupt a 100,000-email sync, rerunning the script resumes from the last saved checkpoint. Memory usage stays flat regardless of archive size because emails are written to disk immediately, not held in memory.
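Batch processing with checkpoints, as an added example rather than the product's bridge code: it streams a constructed seven-message mbox file one line at a time (only the current message is held in memory), writes each message to its own file, saves a checkpoint after every batch (3 here instead of the page's 500, so the small sample crosses several checkpoints), simulates an interruption, and then reruns to show the resume. All paths are constructed under $env:TEMP, and the real bridge also encrypts each entry, which this example leaves out.

```powershell
# Added example (not the YourIQAI bridge): stream an mbox file in batches with a
# checkpoint after each batch, and resume after an interruption.
# Paths and the sample mbox content are constructed for this example.
$BatchSize      = 3        # the page's pipeline uses 500
$MboxPath       = Join-Path $env:TEMP 'sample.mbox'
$VaultDir       = Join-Path $env:TEMP 'example_vault'
$CheckpointPath = Join-Path $env:TEMP 'example_checkpoint.json'

# Constructed mbox: seven tiny messages. mbox separates messages with an
# envelope line that begins "From " (no colon), unlike the "From:" header.
$sample = foreach ($i in 1..7) {
    "From alice@example.com Mon Jan  1 00:0$($i):00 2024"
    "From: alice@example.com"
    "Subject: Message $i"
    ""
    "Body of message $i"
    ""
}
Set-Content -Path $MboxPath -Value $sample -Encoding ASCII

function Save-Checkpoint {
    param([string]$Path, [int]$MessagesDone)
    # Write to a temp file and rename, so a crash mid-write cannot leave a
    # half-written checkpoint behind.
    $tmp = "$Path.tmp"
    @{ MessagesDone = $MessagesDone; SavedAt = (Get-Date).ToString('o') } |
        ConvertTo-Json | Set-Content -Path $tmp -Encoding UTF8
    Move-Item -Path $tmp -Destination $Path -Force
}

function Invoke-MboxImport {
    param(
        [string]$Mbox, [string]$Vault, [string]$Checkpoint, [int]$BatchSize,
        [int]$StopAfter = 0   # > 0 simulates an interruption after that many writes
    )
    New-Item -ItemType Directory -Path $Vault -Force | Out-Null
    $done = 0
    if (Test-Path $Checkpoint) {
        $done = [int](Get-Content -Path $Checkpoint -Raw | ConvertFrom-Json).MessagesDone
        Write-Host "Checkpoint found: $done messages already imported"
    }
    $reader = [IO.StreamReader]::new($Mbox)
    $seen = 0; $inBatch = 0; $written = 0; $current = $null
    try {
        while ($true) {
            $line = $reader.ReadLine()
            # A new envelope line or end of file closes the message in $current
            $atBoundary = ($null -eq $line) -or $line.StartsWith('From ')
            if ($atBoundary -and $null -ne $current) {
                $seen++
                if ($seen -gt $done) {          # skip messages covered by the checkpoint
                    $name = 'msg_{0:D6}.txt' -f $seen
                    Set-Content -Path (Join-Path $Vault $name) -Value $current.ToArray() -Encoding UTF8
                    $written++; $inBatch++
                    if ($inBatch -eq $BatchSize) {
                        Save-Checkpoint -Path $Checkpoint -MessagesDone $seen
                        $inBatch = 0
                    }
                    if ($StopAfter -gt 0 -and $written -ge $StopAfter) {
                        Write-Host "Simulated interruption after $written messages"
                        return $written
                    }
                }
                $current = $null
            }
            if ($null -eq $line) { break }
            if ($line.StartsWith('From ')) { $current = [Collections.Generic.List[string]]::new() }
            elseif ($null -ne $current) { $current.Add($line) }
        }
        Save-Checkpoint -Path $Checkpoint -MessagesDone $seen   # covers a partial last batch
        return $written
    } finally {
        $reader.Dispose()
    }
}

# --- demo: interrupt after 4 messages, then rerun to completion ---
Remove-Item $CheckpointPath, $VaultDir -Recurse -Force -ErrorAction SilentlyContinue
$first  = Invoke-MboxImport -Mbox $MboxPath -Vault $VaultDir -Checkpoint $CheckpointPath -BatchSize $BatchSize -StopAfter 4
$second = Invoke-MboxImport -Mbox $MboxPath -Vault $VaultDir -Checkpoint $CheckpointPath -BatchSize $BatchSize
$count  = (Get-ChildItem -Path $VaultDir -Filter 'msg_*.txt').Count
Write-Host "First run wrote $first, resumed run wrote $second, vault holds $count of 7"
```

The first run stops after message 4 but the last checkpoint says 3, so the resumed run rewrites message 4 and continues with 5 to 7: work since the last checkpoint is repeated, never lost, and the per-message file names make that repeat harmless. Checkpoints are only as trustworthy as their write, which is why the example renames a finished temp file into place instead of writing the checkpoint in place.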
Read-Only Guarantee
YourIQAI never modifies, deletes, or moves emails in your Thunderbird profile. The bridge only reads the mbox files. All vault entries are stored in a separate ENCRYPTED_VAULT directory and can be deleted without affecting Thunderbird or your original email archive.

Security Architecture

🔒 Security Commitments
PASSWORD STORAGE
Windows DPAPI encrypted. CurrentUser scope. Decrypts only on this machine, by this user.
EMAIL BODY ENCRYPTION
AES-256 with a local vault key. IV prepended per message. Key never leaves this machine.
NO SERVER TRANSMISSION
No email content is sent to YourIQAI servers. All sync happens from your machine to your machine.
READ-ONLY IMPORT
The pipeline and bridge never delete, move, or modify original emails.
NO LOG EXPOSURE
App passwords and decrypted content are never written to log files. Log entries are metadata-only.
BATCH + CHECKPOINT
500-email batches. Checkpoint saved after each. Safe to interrupt and resume any time.
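The per-message encryption commitment above, as an added example that is not the product's code: AES-256 in CBC mode with PKCS7 padding (the mode and padding are assumptions; the page names only AES-256), a fresh random IV generated for each message and prepended to the ciphertext, and a decrypt routine that splits the IV back off. The message text and the in-memory key are constructed for the example.

```powershell
# Added example (not YourIQAI code): AES-256-CBC per-message encryption with a
# random IV prepended to each entry. CBC/PKCS7 are assumptions; message and key
# are constructed for this example.

function New-VaultKey {
    # 32 random bytes = AES-256 key. Lives only in memory here; a deployed vault
    # would protect its key at rest (for example with DPAPI, as the page does for passwords).
    $key = New-Object byte[] 32
    $rng = [Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    $rng.Dispose()
    return $key
}

function Protect-MessageBody {
    param([Parameter(Mandatory)][byte[]]$Key, [Parameter(Mandatory)][string]$Body)
    $aes = [Security.Cryptography.Aes]::Create()
    try {
        $aes.Mode    = [Security.Cryptography.CipherMode]::CBC
        $aes.Padding = [Security.Cryptography.PaddingMode]::PKCS7
        $aes.Key     = $Key
        $aes.GenerateIV()                         # unique 16-byte IV for this message
        $enc   = $aes.CreateEncryptor()
        $plain = [Text.Encoding]::UTF8.GetBytes($Body)
        $ct    = $enc.TransformFinalBlock($plain, 0, $plain.Length)
        $enc.Dispose()
        return [byte[]]($aes.IV + $ct)            # entry layout: [16-byte IV][ciphertext]
    } finally {
        $aes.Dispose()
    }
}

function Unprotect-MessageBody {
    param([Parameter(Mandatory)][byte[]]$Key, [Parameter(Mandatory)][byte[]]$Blob)
    # IV plus at least one full block; anything shorter or unaligned is not a valid entry
    if ($Blob.Length -lt 32 -or ($Blob.Length % 16) -ne 0) { throw 'vault entry too short or not block-aligned' }
    $aes = [Security.Cryptography.Aes]::Create()
    try {
        $aes.Mode    = [Security.Cryptography.CipherMode]::CBC
        $aes.Padding = [Security.Cryptography.PaddingMode]::PKCS7
        $aes.Key     = $Key
        $aes.IV      = [byte[]]$Blob[0..15]       # first 16 bytes are the IV
        $dec = $aes.CreateDecryptor()
        $pt  = $dec.TransformFinalBlock($Blob, 16, $Blob.Length - 16)
        $dec.Dispose()
        return [Text.Encoding]::UTF8.GetString($pt)
    } finally {
        $aes.Dispose()
    }
}

# --- demo with a constructed message ---
$key  = New-VaultKey
$body = "Subject: Tax notice`r`n`r`nYour return has been processed."   # constructed
$a = Protect-MessageBody -Key $key -Body $body
$b = Protect-MessageBody -Key $key -Body $body

# Same body, same key, different IV: the two entries differ on disk
$same = [Convert]::ToBase64String($a) -eq [Convert]::ToBase64String($b)
Write-Host "Identical ciphertexts for identical bodies: $same"

# Both decrypt back to the original body
$okA = (Unprotect-MessageBody -Key $key -Blob $a) -eq $body
$okB = (Unprotect-MessageBody -Key $key -Blob $b) -eq $body
Write-Host "Round-trip OK: $($okA -and $okB)"

# A different key almost always fails the padding check (about 255 times in 256);
# CBC alone does not authenticate, so this is not a reliable tamper check.
try {
    Unprotect-MessageBody -Key (New-VaultKey) -Blob $a | Out-Null
    Write-Host 'Wrong key produced garbage that happened to have valid padding'
} catch {
    Write-Host "Wrong key rejected: $($_.Exception.GetBaseException().GetType().Name)"
}
```

Two encryptions of the same body under the same key give different entries because each carries its own IV, so identical messages are not recognisable on disk. CBC with PKCS7 provides confidentiality but no integrity: a vault that needs to detect a corrupted or altered entry would store an HMAC over the IV and ciphertext alongside it (or use an authenticated mode such as AES-GCM). The page does not say whether the product does this.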

FAQ

Is my Gmail password stored anywhere?
No. YourIQAI uses an App Password, not your main Gmail password. After you enter the app password in the Account Manager, it is encrypted using Windows DPAPI and the original value is discarded from memory. It cannot be viewed after saving. It is only decrypted at sync runtime and is never written to any log file.
Can YourIQAI read my emails on a server?
No. The email pipeline runs entirely on your local machine. No email content is transmitted to YourIQAI or any third party. The IMAP connection goes from your machine directly to Gmail or your mail provider, and all encrypted output is stored only on your local disk.
What happens if I stop a large sync mid-way?
The pipeline saves a checkpoint after every 500 emails. If you stop or restart, the next run automatically resumes from the last saved checkpoint. You do not lose progress. The partial index and vault files from the interrupted run are kept and extended on resume.
Does the Thunderbird Bridge modify my Thunderbird setup?
No. The bridge is strictly read-only. It reads mbox files in your Thunderbird profile directory but never writes to them. Your Thunderbird configuration, account settings, and email archive remain completely untouched. The only files written are in MAIL_PIPELINE\ENCRYPTED_VAULT\ and MAIL_PIPELINE\email_index.json.
How many emails can the vault hold?
The test suite has verified 100,000 email records without memory issues or crashes. Each encrypted vault entry is a small file. The main constraint is disk space, not memory. The index file grows with each email added but is loaded lazily, so even large indexes perform well.
What is MailKit and do I need it?
MailKit is a free .NET library for live IMAP connections. PowerShell 5.1 does not have native IMAP support, so MailKit is required to connect to Gmail or Outlook live. Run SCRIPTS\install_mailkit_dependency.ps1 to install it. The Thunderbird Bridge path does not require MailKit — it reads local files only.