Security & email safety
Last updated: July 3, 2026
Is this email really from Everpop?
A genuine Everpop email always looks like this — if any point fails, don't click it:
- It is sent from an @everpop.app address — never a lookalike domain, never a free mailbox.
- Every link points to everpop.app. Hover (or long-press) a link to check before clicking.
- It references things only Everpop would know — like the exact title of the video you just uploaded.
- We will never ask for your password, a verification code, card details, or any payment by email.
- Our emails are cryptographically signed (SPF, DKIM and DMARC) — mail providers verify this automatically, which is why real Everpop mail lands in your inbox and spoofed mail should not.
Never fully sure? Skip the link entirely. Everything an email asks of you can be done by typing everpop.app into your browser and logging in — if we detected a new upload, the same one-click button is waiting on your Videos page. An email from us is a convenience, never a requirement.
Your channel's safety
- Everpop talks to YouTube exclusively through YouTube's official APIs — upload detection, publishing, and analytics. We clip from the video file you provide (a one-click add, or a Drive folder you share) — we never download your content from YouTube.
- You can revoke Everpop's access at any time from your Google account permissions — publishing stops immediately.
- OAuth tokens are encrypted at rest (AES-256-GCM); we never see or store your Google password.
Report something suspicious
Forward any suspicious email claiming to be Everpop to security@everpop.app. A human reads it — fast. If you believe your Everpop account is affected, change your password at everpop.app and contact us the same way.
Your data
What we store and why lives in the Privacy Policy. You can export everything from Settings, and account deletion removes your content and revokes our YouTube access as part of the same action.
Everpop