Email is not actually private in many instances, so this might be an unworkable solution, possibly even a legal minefield too.
Maybe encrypt the email attachment with an encryption key that is only accessible behind Heroku's 2-factor login page? Problem is, it would probably still reveal basic metadata and database sizes.
Maybe encrypt the email attachment with an encryption key that is only accessible behind Heroku's 2-factor login page? Problem is, it would probably still reveal basic metadata and database sizes.