Envello
Security

Boring infrastructure, on purpose

Nothing exotic here. The goal is a shared-IP sending reputation that every customer can rely on, protected by unglamorous, well-tested practices.

Encryption in transit

TLS everywhere, terminated at Caddy, no plaintext HTTP path to the API or dashboard.

API keys, hashed

Keys are SHA-256 hashed at rest and prefix-searchable for support — we can't read your live key back to you, ever.

Signed webhooks

Every webhook is HMAC-SHA256 signed. Verify the signature before trusting a payload; retries use exponential backoff with a per-endpoint circuit breaker.

Rate limits, per key

Per-API-key rate limits enforced in Redis, independent of account-level sending quota.

Tested backups

pgBackRest point-in-time recovery, restore-tested monthly, not just configured and forgotten.

Least-privilege infrastructure

Separate production and staging AWS accounts, least-privilege IAM roles, secrets held in SOPS/age — never in plaintext env files in a repo.

Dependency scanning

Automated dependency and vulnerability scanning in CI on every merge.

Audit-logged admin actions

Every administrative action against a customer account is logged and attributable.

Status

Uptime and incident history

A public status page tracks API uptime, SES send latency, and any active incidents. Every incident gets a written post-mortem within 5 business days.

View status page
Responsible disclosure

Found a vulnerability?

We take reports seriously and respond fast — email directly, no bug bounty bureaucracy required for a good-faith report.

Read security.txt
Security questionnaire?

Send it over. The founder answers these personally.