Security controls built in, not bolted on.

Access controls by design

Strict access controls and comprehensive audit logging at every layer. Security practices are embedded into the architecture, not added as an afterthought.

Encryption everywhere

TLS 1.3 for all data in transit. AES-256 encryption for data at rest. Optional field-level encryption for sensitive metadata.

Granular access control

Scoped API keys with role-based permissions. Separate credentials for sending, template management, and administrative operations. Full audit trail of all access.

View authentication docs →

Signed webhooks

All webhook payloads are HMAC-signed. Built-in secret rotation without downtime. Verify every callback is authentically from SendLib.

Webhook security →

High-availability infrastructure

Multi-region deployment with automatic failover and redundancy. Continuous monitoring and alerting with no single points of failure.

Compliance ready

GDPR-compliant data handling with DPA available. CCPA support included. Built-in suppression lists and unsubscribe handling for CAN-SPAM compliance.