Security

Security is fundamental to OnboMail. We implement industry-leading practices to protect your data and ensure the integrity of our platform.

Data Encryption

  • Encryption in Transit: All data is transmitted using TLS 1.3
  • Encryption at Rest: Database encryption via Supabase
  • End-to-End Security: Secure communication between all services
  • Key Management: Industry-standard key rotation and management

Authentication & Access

  • Magic Link Authentication: Passwordless, secure login
  • Session Management: Secure, time-limited sessions
  • Multi-Factor Authentication: Available for enhanced security
  • Access Controls: Role-based permissions and data isolation

Infrastructure Security

  • SOC 2 Compliance: Infrastructure hosted on SOC 2 compliant platforms
  • Network Security: Firewalls, VPCs, and network isolation
  • DDoS Protection: Built-in protection against attacks
  • Regular Updates: Automated security patches and updates

Monitoring & Logging

  • 24/7 Monitoring: Continuous system and security monitoring
  • Audit Logging: Comprehensive logs of all system activities
  • Anomaly Detection: Automated detection of suspicious activities
  • Incident Response: Rapid response to security incidents

Data Protection

Data Isolation

  • Row-level security policies
  • Customer data segregation
  • Secure multi-tenancy

Backup & Recovery

  • Automated daily backups
  • Point-in-time recovery
  • Disaster recovery procedures

Compliance & Standards

GDPR

Full compliance with EU data protection regulations

SOC 2

Infrastructure meets SOC 2 Type II standards

ISO 27001

Information security management practices

Third-Party Security

We carefully vet all third-party services and ensure they meet our security standards:

  • Supabase: SOC 2 Type II certified, ISO 27001 compliant
  • Stripe: PCI DSS Level 1 certified payment processing
  • Vercel: SOC 2 compliant hosting and edge network
  • Resend: Secure email delivery with encryption

Incident Response

We have established procedures for handling security incidents:

  1. Detection: Automated monitoring and manual reporting
  2. Assessment: Rapid evaluation of incident scope and impact
  3. Containment: Immediate steps to prevent further damage
  4. Communication: Transparent updates to affected customers
  5. Resolution: Complete remediation and system restoration
  6. Review: Post-incident analysis and improvements

Security Best Practices

We recommend these security practices for your account:

  • Use a unique, strong email address for your OnboMail account
  • Enable two-factor authentication when available
  • Regularly review your account activity and team members
  • Keep your integration credentials secure and rotate them regularly
  • Monitor your email sending patterns for anomalies
  • Report any suspicious activity immediately

Security Contact

If you discover a security vulnerability or have security concerns:

🚨 Security Issues

Please report security vulnerabilities responsibly. Do not disclose publicly until we have had a chance to address the issue.

Email: help@onbomail.com
Response Time: Within 24 hours
PGP Key: Available upon request