Skip to content
Text Crow Text Crow
SOC 2 Type II · GDPR · ISO 27001 in progress

Security built for messaging at scale

Encryption, isolation, and auditability at every layer — so your most sensitive customer communication stays protected and accountable.

Encryption everywhere

TLS 1.3 in transit and AES-256 at rest. Provider credentials and secrets are encrypted and isolated per tenant.

Role-based access control

Seven granular roles — Owner, Admin, Manager, Campaign Manager, Inbox Agent, Billing Viewer, and Read Only — scoped per workspace with least-privilege defaults.

Audit logs

Every action is captured in an immutable, exportable ledger with actor, timestamp, and full context.

Signed webhooks

Outbound webhooks are HMAC-signed and verifiable, so your systems can trust every event we send.

SSRF protection

Webhook and callback URLs are validated against an allowlist with private-range blocking to prevent SSRF.

Tenant isolation

Multi-tenant workspaces enforce strict data, routing, and billing separation between every customer.

Audit trail

The Immutable Message Ledger

Every send, login, permission change, and webhook is written to a tamper-evident ledger. Export it for security reviews, reconcile it against billing, and prove exactly what happened, when.

Tamper-evident, append-only
Exportable to your SIEM
Actor, IP, and context on every event
Reconcilable against billing
audit.log — immutable
14:02:11campaign.sentSpring Sale W2 · 100,000 recipients · user_8f2
14:01:54role.changeddana@acme → Manager · by owner_1a
13:58:30webhook.signedmsg.delivered → x.io/hook · 200 OK
13:55:02token.createdtc_live_•••• · scope: messages:write
13:49:18login.successaisha@acme · SSO · 203.0.113.4
13:44:09suppression.add+1•••0148 · reason: STOP
7
Granular RBAC role types
AES-256
Encryption at rest
100%
Actions written to audit ledger
24/7
Infrastructure monitoring

Need our security documentation?

Request our SOC 2 report, pen-test summary, and DPA from the sales team.

Request documents