Security & Trust

Trust isn't a vibe. It's engineering work.

Security and compliance are first-class product surfaces here, not a tickbox bolted on after the launch party. Here's how we keep your data, your customers and your sending reputation in one piece.

POPIA-aligned by design

Consent, suppression and right-to-be-forgotten flows built in from day one. Not a bolt-on, not a checkbox.

Data residency, your call

Customer data hosted in the Azure region you pick, South Africa North included. Your data stays where your lawyers like it.

Secrets locked up properly

All credentials in Azure Key Vault. No secrets in repos, no secrets in logs, no secrets shipped to browsers.

Encrypted from end to end

TLS 1.2+ in transit, AES-256 at rest, keys rotated on a calendar, not a hope.

Infrastructure with the lights on

Network segmentation, managed identity, least-privilege RBAC, everything as code. Boring on purpose.

Auditable down to the byte

Every send and every admin action logged with correlation IDs. If it happened, we can show you where.

Certifications & posture

POPIA compliance programme, operational since 2021.
ISO 27001, on the roadmap.
SOC 2 Type II, on the roadmap.
Independent penetration testing on a 12-month cycle.