Security & Trust
Customer trust is engineering work.
We treat security and compliance as first-class product surfaces — not as a checklist applied after the fact. Here's how we keep your data, your customers and your sending reputation safe.
POPIA-aligned by design
Consent, suppression, and right-to-be-forgotten flows built into every product.
Data residency
Customer data hosted in Microsoft Azure regions of your choice — including South Africa North where supported.
Secrets in Key Vault
All credentials in Azure Key Vault. No secrets in repos, no secrets in logs, no secrets in client bundles.
Encryption everywhere
TLS 1.2+ in transit, AES-256 at rest, key rotation on a fixed schedule.
Hardened infrastructure
Network segmentation, managed identity, least-privilege RBAC, infrastructure as code.
Auditable everything
Every send and every admin action is logged with correlation IDs for traceability.
Certifications & posture
- POPIA compliance programme — operational since 2021.
- ISO 27001 — TBD (status to confirm).
- SOC 2 Type II — TBD (status to confirm).
- Independent penetration testing on a 12-month cycle.
"TBD" items are pending verification with the security team; see DEFERRED.md.