Praelyx was not built by email marketers or productivity app developers. It was built by professionals who spent careers understanding how written communications become weapons in litigation, regulatory enforcement, and intelligence operations.
Before building Praelyx, our co-founder conducted counterespionage screening for the Department of Defense and major defense contractors. That background shaped every design decision: assume the adversary is already inside the network. Assume every email will be read by someone it was never intended for. Build systems that make exposure impossible by architecture, not by policy.
That same discipline now protects corporate communications. The threat model is different. The rigor is identical.
We analyzed 95 court cases representing $65,423,000,000 in documented damages. In every single one, the deciding evidence was an email that should never have been sent. Not a data breach. Not a hack. A human being pressing send on the wrong words.
Your organization already spends millions protecting against inbound threats: phishing, malware, spoofing. Proofpoint and Mimecast handle that. The catastrophic liability comes from the other direction: what your people send out.
Data Loss Prevention tools catch SSNs and credit card numbers leaving the building. They do not catch your VP promising delivery dates that create enforceable obligations, or your director advising a colleague to withhold material information from the board.
Global Relay and Smarsh record everything after it is sent. That is forensic capability, not prevention. By the time the archive captures it, the email is already in the recipient's inbox, already discoverable, already a liability.
We sit between your people and their send button. Semantic analysis by litigation-grade AI identifies implied promises, regulatory violations, privilege breaches, discoverable admissions, and tone escalation. All before the message reaches anyone.
Every email security vendor asks you to trust them with your data. We built Praelyx so trust is not required. Technical architecture makes exposure impossible.
Names, numbers, addresses, and identifiers are replaced with typed tokens before content reaches our servers. The API analyzes structure and semantics on tokenized text. Original values never leave your device.
All API traffic wrapped in ML-KEM-768 (NIST FIPS 203) quantum-resistant envelope with AES-256-GCM symmetric layer. Even if adversaries record traffic today, future quantum computers cannot decrypt it.
Every analysis returns an HMAC-SHA256 signed proof that content was analyzed, not stored, not logged, and deleted with exact timestamp. You verify this independently. No trust required.
Dual-key encryption where you hold one key and Praelyx holds another. Both required to decrypt. If either party revokes, all associated data becomes permanently, mathematically inaccessible.
Every analysis generates a hash chained to the previous one. If any analysis is tampered with or secretly stored, the chain breaks and tampering is mathematically detectable.
No email content stored at rest. No content in logs. No content used for training. Analysis happens in ephemeral memory and is wiped immediately. Contractual commitment.