Stonifi Mail Hub · GRC compliance inbox

A compliance inbox
you host yourself.

Built for KSA + UK compliance teams. SAMA / SAFIU / OFAC detection, three personas, append-only audit log, bilingual EN / AR with full RTL. Self-hosted Docker Compose — your data stays on your infrastructure.

Six features. One inbox.

Built for compliance teams, not power-users.

Regulatory rule catalogue
Built-in detectors for the KSA stack: sanctions-hit (OFAC / UN / UK OFSI / KSA list), aml:str-signal, ksa:sama-circular, ksa:safiu-goaml, aml:fatf-mention, pii:exposed. Phase E5 adds live sanctions API.
Pattern-based detection v1
Live API · Phase E5
Custom taxonomies (Enterprise)
Tunable confidence + override
Three personas, one app
Operator drives the inbox. Supervisor balances the queue. Admin builds rules and answers the auditor. Each has its own home, its own shortcuts, its own permissions.
Persona-aware home pages
Permission matrix · 19 perms × 4 roles
G-leader cross-persona jumps
25+ shortcuts shipped
Append-only audit log
Every action signed with actor, role, timestamp. Compliance-defensible by design. Retention from 30 days (Pilot) to unlimited (Enterprise) with optional WORM mode.
Signed entries · who / when / what
Tunable retention
WORM mode on Enterprise
CSV / JSONL export
Multi-mailbox unified inbox
Every account in one view — IMAP, Microsoft Graph, Microsoft 365 shared mailboxes — across all your client tenants. Per-mailbox identities, signatures, routing. Real-time IMAP IDLE.
IMAP IDLE · MS Graph
Multi-tenant by design
Per-mailbox identities
Vault-encrypted credentials
AI draft composer (early access)
Smart-template drafts today via slash-commands /ack, /info, /escalate, /decline, /pause in EN or AR. Generative AI drafts in early access — Anthropic Claude, tenant-scoped, requests visible in your audit log.
Slash-command templates · EN + AR
Generative drafts · early access
Audit log on every draft
Tenant-scoped Claude API
Bilingual UI · full RTL
Arabic-native architecture. MSA Arabic chrome (~95% translated), full right-to-left layout, Arabic-Indic numerals for dates and counts. Rule names and code identifiers stay Latin.
MSA · not dialect
Full RTL layout mirroring
Hijri date toggle (planned)
Per-mailbox language preference
Three personas · one app

Built for the way compliance teams actually work.

Operators triage. Supervisors balance load and watch SLAs. Admins build the rules, rotate credentials, and answer the auditor. Each persona has its own home, its own shortcuts, and its own permissions.

Operator
The daily driver
Reads the unified inbox across every client mailbox. Replies, assigns, classifies, archives. Lives on the keyboard — sub-50ms thread open and a G-leader command system to jump anywhere in the app.
J / K · navigate | R · reply | T · classify | A · assign | E · archive | ⌘K · commands
Skim subject + AI summary → open thread → tag (SAMA / PEP / STR) → reply with smart-template or AI draft → archive.
Supervisor
The team lead
Sees the team queue, the assignment matrix (mailbox × person), the SLA dashboard, and the roster. Bulk-assigns rows in one click. Surfaces overdue threads and escalations.
G M · matrix | G Q · team queue | G S · supervisor home | ⌘K · commands
“Copy assignments from Al-Rajhi to ANB Invest” → roster lights up → SLA timers reset.
Admin
The ops & compliance lead
Owns rules, the credential vault, mailboxes, the user permission matrix (19 perms × 4 roles), the append-only audit log, and tenant settings (notifications, cultural quiet hours, cost telemetry).
G R · rules | G V · vault | G U · users | G A · admin home
Add a new SAMA rule → test against the last 1,000 threads → publish → every action signed in the audit log.
Deployment · BYO infrastructure

You host it. You own the data.

Mail Hub ships as a Docker Compose bundle you install on your own infrastructure (per ADR 005). KSA compliance teams want data residency; we deliver it. Pull the images, fill in .env, run docker compose up -d. Caddy provisions TLS automatically. Everything else is yours.

# on your own infrastructure
cp .env.example .env
# fill in DOMAIN, ACME_EMAIL, secrets
docker compose up -d

# probe (no -k: curl should validate the Let's Encrypt certificate Caddy obtained)
curl "https://$DOMAIN/health"
{"status":"ok","version":"0.1.0"}
HashiCorp Vault
Transit-mode KMS, AppRole auth, every credential encrypted at rest
Caddy auto-TLS
Let's Encrypt out of the box, your domain, your certificate
PostgreSQL 16
Your database, your backups, your retention policy
ClamAV
Inline attachment scanning before anything reaches the inbox
MinIO
S3-compatible object storage, on-prem
BullMQ + Redis
Durable job queue · IMAP IDLE + Microsoft Graph ingestion
Triage

From 200 emails
to 6 that matter.

Pattern rules and classification triage every thread on ingest into Reply, Read, Auto, or Regulator. You wake up to a single Reply folder of threads that actually need a human. The rest is summarised once a day. Pattern-based today, live OFAC API + ML classifier in Phase E5.

Real-time per-thread triage
Learns from your behaviour
VIPs always reach you
Daily summary of Auto folder
Reply 6
Read 24
Auto 174
Regulator 2
Compliance · SAMA · STR notice — review required
Regulator · 24h SLA · classified by Stoni
Sarah Chen · Re: Q2 launch timeline
Direct question · awaiting since Mon
Lumen Clinic · Contract renewal — 3 questions
3 specific items · all answerable
AI drafts (early access)

Templates today.
Generative drafts soon.

Slash-commands /ack, /info, /escalate, /decline, /pause insert smart-template bodies in EN or AR with full thread context. Generative AI drafts (Claude · tenant-scoped) ship in early access — request a key. Hit Tab to accept, ⌘+K to redraft, ⌘+Enter to send. Every draft is logged for audit.

Slash-command templates · EN + AR
Cross-thread context
Inline rewrite with ⌘+K (early access)
Audit-mode for shared inboxes
From: David K. · 3h
Lunch tomorrow? Was thinking around noon at that ramen place near your office.
Stoni · smart-template draft
Yes — but 12:30 works better. Casa instead of ramen? Quicker, and I can only do 45 min.
Tab · Accept | ⌘K · Redraft | ⌘↵ · Send
Keyboard-first

Twenty-five shortcuts.
One command bar.

Designed for compliance Operators who burn through 200+ threads a day. Every action is one key. ⌘+K commands anything. G-leader Vim-style jumps across personas. Sub-50ms thread open.

25+ keyboard shortcuts shipped
⌘+K command palette
G-leader · cross-persona jumps
Sub-50ms thread open
⌘K · archive thread
J / K · next / prev
E · archive
R · reply
⌘ ↵ · send
⇧ U · mark unread
/ · search
⌘ K · commands
Tab · accept draft
Pricing · per install · by mailbox count

One licence. Your servers. No per-seat math.

Mail Hub is licensed per install, scaled by mailbox count. Operators churn; mailboxes are stable. Pilot is free for 90 days. Annual updates and security patches included.

Pilot
SAR 0
Up to 5 mailboxes
90-day evaluation · self-hosted · community support
Operator + Supervisor + Admin personas
Pattern-based SAMA / SAFIU / OFAC detection
Append-only audit log · 30-day retention
IMAP IDLE + Microsoft Graph ingestion
Vault Transit KMS · Caddy auto-TLS
Bilingual EN / AR (full RTL)
Community Discord support
Most popular
Team
SAR 18,000/yr
Up to 25 mailboxes
Per install · perpetual licence · annual updates
Everything in Pilot, plus:
AI draft composer · early access (Claude API · tenant-scoped)
Slash-command smart templates (EN / AR)
Telegram + email digest notifications
Audit log · 90-day retention
Postmark transactional outbound (BYO key)
Quiet-hours · Ramadan / Eid / Friday prayer
Standard support · 8h SLA
Enterprise
Custom
Unlimited mailboxes
Per install · custom terms · dedicated CSM
Everything in Team, plus:
Self-hosted NLP container (CAMeL Tools + HF)
Custom regulator taxonomies (FCA / DIFC / QFC / CBB)
SSO (Okta / Google / Azure) · SCIM
Audit log retention · unlimited · WORM-mode option
WhatsApp / SMS notification channels
Dedicated CSM · 4h SLA · on-call escalation
Source escrow · perpetual update rights
Per ADR 007 · Operators churn; mailboxes are stable · Annual updates included · No per-seat charges
FAQ

Questions, answered.

Self-hosted Docker Compose only — by design, per ADR 005. KSA compliance teams want data residency. Mail Hub ships as a bundle: pull images, fill in `.env` (DOMAIN, ACME_EMAIL, secrets), run `docker compose up -d`. Caddy auto-provisions TLS via Let's Encrypt. Your data never leaves your servers.

Pilot Mail Hub on your servers.

90 days free. Up to 5 mailboxes. No card. Pull the bundle and run docker compose up.
