MAIL HUB · v1 · KSA-first GRC inbox

A compliance inbox
you host yourself.

Triages regulated mail against SAMA, SAFIU, OFAC and ICO patterns. Signs every action into an append-only audit log. Runs on your own Docker Compose stack — provisioned in 8 minutes via the admin UI.

19 perms × 4 roles: Operator · Supervisor · Admin · Auditor
8-min provision via the admin UI
Append-only audit: signed actor + timestamp
Full RTL · MSA Arabic: EN / AR / FR chrome
FEATURES · WHAT'S RUNNING ON STAGING

Six features. One inbox.

Every capability below ships in v1 against the real NestJS + Postgres + Redis + Vault + MinIO + ClamAV stack. No mockups.

Real-time mail ingestion

IMAP IDLE plus Microsoft Graph webhook subscriptions, both feeding MailIngestionService.intake. The 30-second ImapWorker discovery tick spawns connections for new credentials and drops them within 30 seconds when a mailbox is soft-deleted — no restart.


Regulator rule catalogue

Pattern detectors out of the box: ksa:sama-circular, ksa:safiu-goaml, aml:str-signal, sanctions-hit, fatf-mention, pii:exposed. Tunable per tenant; live OFAC / UN / UK OFSI lookup lands in Phase E5.


Append-only audit log

Every action signed with actor, role, and timestamp. PermissionGuard audits every endpoint, including denials as auth.permission_denied. Retention from 30 days (Pilot) to unlimited WORM (Enterprise).
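The signed, append-only log described above, as an added illustration rather than Mail Hub's own code: each entry carries actor, role, action and timestamp, is HMAC-signed and hash-chained to its predecessor, and a small permission guard records refusals as auth.permission_denied. The HMAC-chain scheme, the record layout and the toy role matrix are assumptions; the page does not say how its signatures are produced.

```typescript
import { createHmac, createHash } from "crypto";
type Role = "operator" | "supervisor" | "admin" | "auditor";
// Record layout is an assumption; the page only names actor, role and timestamp.
interface AuditEntry {
  seq: number; actor: string; role: Role; action: string;
  timestamp: string; prevHash: string; sig: string;
}
const GENESIS = "0".repeat(64);
const canonical = (e: Omit<AuditEntry, "sig">) =>
  JSON.stringify([e.seq, e.actor, e.role, e.action, e.timestamp, e.prevHash]);
const hmac = (key: Buffer, data: string) => createHmac("sha256", key).update(data).digest("hex");
const link = (sig: string) => createHash("sha256").update(sig).digest("hex");

export class AuditLog {
  private entries: AuditEntry[] = [];
  constructor(private key: Buffer) {}
  // Append only: each entry is frozen, signed over its canonical form and chained to its predecessor.
  append(actor: string, role: Role, action: string, timestamp: string): AuditEntry {
    const prev = this.entries[this.entries.length - 1];
    const body = { seq: this.entries.length, actor, role, action, timestamp,
                   prevHash: prev ? link(prev.sig) : GENESIS };
    const entry = Object.freeze({ ...body, sig: hmac(this.key, canonical(body)) });
    this.entries.push(entry);
    return entry;
  }
  export(): AuditEntry[] { return this.entries.map(e => ({ ...e })); }
}

// Auditor-side check over a stored log: seq of the first entry whose signature, position or chain link fails to re-derive, or -1 if intact.
export function verifyLog(entries: AuditEntry[], key: Buffer): number {
  let expectedPrev = GENESIS;
  for (let i = 0; i < entries.length; i++) {
    const { sig, ...body } = entries[i];
    if (body.seq !== i || body.prevHash !== expectedPrev || hmac(key, canonical(body)) !== sig) return body.seq;
    expectedPrev = link(sig);
  }
  return -1;
}
// Constructed role matrix, not the product's 19 perms × 4 roles.
const PERMS: Record<Role, string[]> = {
  operator: ["thread.read", "thread.reply", "thread.archive"],
  supervisor: ["thread.read", "thread.assign"],
  admin: ["rule.publish", "vault.rotate", "user.manage"],
  auditor: ["audit.read"],
};
// Permission guard: allowed actions are logged under their perm name, refusals as auth.permission_denied.
export function guard(log: AuditLog, actor: string, role: Role, perm: string, ts: string): boolean {
  const ok = PERMS[role].includes(perm);
  log.append(actor, role, ok ? perm : "auth.permission_denied", ts);
  return ok;
}
```

An auditor re-running verifyLog over the exported rows with the signing key detects any edited, reordered or removed entry by its seq.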


MinIO + ClamAV attachment scanning

Content-addressable sha256 storage with an INSTREAM ClamAV scan on upload and on ingest. Infected rows are refused with HTTP 423 before anything goes on the wire; rows still awaiting a scan verdict return 425. The send side resolves attachments and blocks attachment.infected at the boundary.
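An added model of the attachment boundary described above (constructed here, not Mail Hub's code): a content-addressed store keyed by sha256, a verdict parsed from a ClamAV INSTREAM-style reply line, and a send-side gate that fails closed with 425 while a scan is outstanding and 423 once the verdict is infected. The class, method and signature names are assumptions.

```typescript
import { createHash } from "crypto";

// Constructed model of the behaviour described on the page; not the product's code.
type ScanStatus = "pending" | "clean" | "infected";
interface AttachmentRow { sha256: string; size: number; status: ScanStatus; signature?: string }

export class AttachmentStore {
  private rows = new Map<string, AttachmentRow>();
  private blobs = new Map<string, Buffer>();

  // Content-addressed put: identical bytes share one row, one blob and one scan verdict.
  put(data: Buffer): AttachmentRow {
    const sha256 = createHash("sha256").update(data).digest("hex");
    let row = this.rows.get(sha256);
    if (!row) {
      row = { sha256, size: data.length, status: "pending" };
      this.rows.set(sha256, row);
      this.blobs.set(sha256, data);
    }
    return row;
  }

  // Records a scanner verdict (stands in for the reply to the ClamAV INSTREAM command).
  recordScan(sha256: string, verdict: { infected: boolean; signature?: string }): void {
    const row = this.rows.get(sha256);
    if (!row) throw new Error("unknown attachment " + sha256);
    row.status = verdict.infected ? "infected" : "clean";
    row.signature = verdict.signature;
  }

  // Send-side boundary gate: 425 while a scan is outstanding, 423 if infected.
  // Fail closed: a missing row or missing verdict is never treated as clean.
  resolveForSend(hashes: string[]): { ok: true; blobs: Buffer[] } | { ok: false; http: 423 | 425; reason: string } {
    const blobs: Buffer[] = [];
    for (const h of hashes) {
      const row = this.rows.get(h);
      if (!row || row.status === "pending") return { ok: false, http: 425, reason: "scan pending: " + h };
      if (row.status === "infected") return { ok: false, http: 423, reason: "attachment.infected: " + h };
      blobs.push(this.blobs.get(h)!);
    }
    return { ok: true, blobs };
  }
}

// Parses a clamd reply line such as "stream: OK" or "stream: <signature> FOUND".
export function parseClamReply(line: string): { infected: boolean; signature?: string } {
  const m = /^stream: (.*) FOUND\s*$/.exec(line.replace(/\0/g, "").trim());
  return m ? { infected: true, signature: m[1] } : { infected: false };
}
```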


HashiCorp Vault credential KMS

Vault Transit engine with AppRole auth; the vault-init job bootstraps first-boot init, unseal and mount idempotently. IMAP, SMTP and Graph credentials are KMS-wrapped on save and never land in logs.


Three personas, full RTL, 25+ shortcuts

Operator, Supervisor, Admin, Auditor — 19 perms × 4 roles. j / k navigation, ⌘K command bar, G-leader cross-persona jumps. Bilingual EN / AR with structural RTL flip and MSA Arabic chrome.

PERSONAS · THREE PEOPLE, ONE APP

Built for the way compliance teams actually work.

Operators triage. Supervisors balance load and watch SLAs. Admins build the rules, rotate credentials, and answer the auditor. Each persona has its own home, its own shortcuts, and its own permissions.

Operator
The daily driver

Reads the unified inbox across every client mailbox. Replies, assigns, classifies, archives. Sub-50ms thread open and a G-leader command bar. Slash-command composer for /ack, /info, /escalate, /decline, /pause.

J / K · navigate; R · reply; T · classify; A · assign; E · archive; ⌘K · commands
Skim subject + AI summary → tag (SAMA / PEP / STR) → reply with smart-template or AI draft → archive.
Supervisor
The team lead

Watches the team queue, the assignment matrix (mailbox × person), the SLA dashboard, and the roster. Bulk-assigns rows in one click. Surfaces overdue threads and escalations. Weekly analytics panel.

G M · matrix; G Q · queue; G S · home; ⌘K · commands
"Copy assignments from Al-Rajhi to ANB Invest" → roster lights up → SLA timers reset.
Admin
The ops & compliance lead

Owns rules, the credential vault, mailboxes, the user permission matrix (19 perms × 4 roles), the append-only audit log, and tenant settings (notifications, cultural quiet hours, cost telemetry). Rule playground tests against the last 1,000 threads before publish.

G R · rules; G V · vault; G U · users; G A · home
Add a SAMA rule → test against the last 1,000 threads → publish → every action signed in the audit log.
DEPLOYMENT · BYO INFRASTRUCTURE

You host it. You own the data.

Mail Hub ships as a Docker Compose bundle you install on your own infrastructure (per ADR 005). KSA compliance teams want data residency — that's the architecture, not a setting. Pull the images, fill in .env, run docker compose up -d. Caddy provisions TLS automatically. Everything else is yours.

# on your own infrastructure
cp .env.example .env
# fill in DOMAIN, ACME_EMAIL, secrets
docker compose up -d

# probe
curl https://$DOMAIN/health
{"status":"ok","version":"0.1.0"}

HashiCorp Vault: Transit-mode KMS, AppRole auth, vault-init bootstraps init / unseal / mount idempotently
Caddy auto-TLS: Let's Encrypt out of the box, your domain, your certificate
PostgreSQL 16: your database, your backups, your retention policy
ClamAV INSTREAM: inline attachment scan on upload + ingest, 423 / 425 enforced at the boundary
MinIO storage: S3-compatible object storage with sha256 content-addressing, on-prem
BullMQ + Redis: durable job queue · IMAP IDLE + Microsoft Graph ingestion
PRICING · PER INSTALL · BY MAILBOX COUNT

One licence. Your servers. No per-seat math.

Mail Hub is licensed per install, scaled by mailbox count. Operators churn; mailboxes are stable. Starter is free for 90 days. Annual updates and security patches included.

Starter
£0
Up to 5 mailboxes
90-day evaluation · self-hosted · community Discord support
Operator + Supervisor + Admin personas
Pattern-based SAMA / SAFIU / OFAC detection
Append-only audit log · 30-day retention
IMAP IDLE + Microsoft Graph ingestion
Vault Transit KMS · Caddy auto-TLS
Bilingual EN / AR (full RTL)
Community Discord support
Most popular
Team
£3,798/yr
Up to 25 mailboxes
Per install · perpetual licence · annual updates
Everything in Starter, plus:
AI draft composer · Anthropic Claude API · tenant-scoped
Slash-command smart templates (EN / AR)
Telegram + email digest notifications
Audit log · 90-day retention
Postmark transactional outbound (BYO key)
Quiet-hours · Ramadan / Eid / Friday prayer
Standard support · 8h SLA
Enterprise WORM
Custom
Unlimited mailboxes
Per install · custom terms · dedicated CSM
Everything in Team, plus:
WORM-mode append-only audit (immutable storage, unlimited retention)
Self-hosted NLP container (CAMeL Tools + HuggingFace)
Custom regulator taxonomies (FCA / DIFC / QFC / CBB)
SSO (Okta / Google / Azure) · SCIM
WhatsApp / SMS notification channels
Dedicated CSM · 4h SLA · on-call escalation
Source escrow · perpetual update rights
Per ADR 007 · Operators churn; mailboxes are stable · Annual updates included · No per-seat charges
FAQ · QUESTIONS, ANSWERED

Questions, answered.

Is this a SaaS or do I host it myself?
Self-hosted Docker Compose only — by design, per ADR 005. KSA compliance teams want data residency, so Mail Hub ships as a bundle: pull images, fill in `.env` (DOMAIN, ACME_EMAIL, secrets), run `docker compose up -d`. Caddy auto-provisions TLS via Let's Encrypt. Your data never leaves your servers.
How do you actually detect SAMA / SAFIU / OFAC content?
v1 is pattern matching against a curated rule catalogue (sanctions-hit, str-signal, sama-circular, safiu-goaml, fatf-mention, pii-exposed) tunable per tenant. Phase E5 adds a live OFAC / UN / UK OFSI / KSA list API for real-time match. Today's screening is honest pattern-matching with manual override — not magic.
What does the AI draft button actually call?
Anthropic Claude API, scoped to your tenant. Every request is visible in your Vault and your audit log. Enterprise customers can run a self-hosted NLP container (CAMeL Tools + HuggingFace transformers, Python 3.12 + FastAPI) with no outbound model traffic.
How does pricing work?
Per install, perpetual licence, scaled by mailbox count (per ADR 007). Operators churn; mailboxes are stable — so you don't pay for staff turnover. Starter is free for 90 days up to 5 mailboxes. Team is a fixed annual licence for up to 25 mailboxes. Enterprise WORM is custom and unlimited. All include annual updates and security patches.
What about other regulators — FCA, DIFC, QFC, CBB?
KSA (SAMA / SAFIU / NCA) is baked into v1. The rule architecture supports custom taxonomies, and Enterprise customers ship with FCA / DIFC / QFC / CBB expansion packs in Phase G — same rule format, regulator-specific vocabulary. Talk to us if you need a specific regulator.
How does Arabic work?
MSA Arabic chrome with full right-to-left layout (~95% translated). Email body translation is partial in v1 (3 of 11 demo threads); Phase G adds the rest. Smart templates ship bilingual EN / AR. Regulatory acronyms (SAMA, SAFIU) stay Latin in both languages, with Arabic gloss in the body.
Can I use this with Stonifi CX Platform?
Yes — and they share Stoni context. A regulator notice in Mail Hub can pre-load the relevant case file in CX; a flagged transaction in CX can pre-draft the SAR notice in Mail Hub. Both run on the same memory layer when deployed together.

Pilot Mail Hub on your servers.

Tell us about your team and your mailboxes. We'll send the Docker Compose bundle, the .env template, and a one-page provisioning runbook. 90-day pilot, no card, no migration commitment.
