Security & Compliance

WarmySender takes security seriously. Here is an overview of our security practices:

Data Encryption:

• All data in transit is encrypted using TLS 1.2+ (HTTPS). Every connection between your browser and our servers is encrypted.
• Passwords and API keys are hashed using industry-standard algorithms (bcrypt for passwords, SHA-256 for API keys). We never store plaintext passwords.
• Database connections use SSL encryption.

Authentication & Access:

• Session-based authentication with secure HTTP-only cookies.
• Two-factor authentication support for LinkedIn account connections.
• API keys support granular scopes (read/write per resource type) and optional expiration dates.
• Role-based access control: Owner, Admin, User, Readonly roles with enforced permission boundaries.
• Failed login attempts are rate-limited to prevent brute force attacks.

Infrastructure:

• Application hosted on secure cloud infrastructure.
• Database hosted on Neon (PostgreSQL) with automatic backups and point-in-time recovery.
• Redis (Upstash) for queue management with encrypted connections.
• Regular security updates and dependency patching.

Email Security:

• SMTP connections support TLS/SSL encryption.
• SSRF protection: the system validates that SMTP/IMAP hostnames do not resolve to private or internal IP addresses.
• Port validation: only standard email ports are allowed.
• Connection testing before accepting mailbox credentials.

Compliance:

• CAN-SPAM: Every campaign email includes an unsubscribe link and respects opt-out requests immediately.
• GDPR: Data processing with user consent, right to erasure via account deletion, suppression list management.
• LinkedIn: All automation follows LinkedIn's Terms of Service with conservative rate limits, ramp-up periods, and circuit breakers.
• Unsubscribe handling follows RFC 2369 and RFC 8058 standards.

Data Retention:

• You control your data — export or delete at any time.
• Campaign data and analytics are retained while your account is active.
• Upon account deletion, all associated data is permanently removed.

Security Page:
For our full security policy, visit warmysender.com/security.
Privacy Policy: warmysender.com/privacy.

For security inquiries, contact us at [email protected].

Related guides in Platform

• Email & LinkedIn Templates
• Unified Inbox
• How We Measure Campaign Revenue (First-Touch Attribution)
• Analytics & Reporting
• Teams & Workspaces

Back to all documentation | Contact support