Your customers' data deserves better
Security you can explain to a customer.
Row-level isolation, encryption in transit and at rest, and BYOD on every plan — your subscribers live in your Neon Postgres, not ours.
Encryption in transit
All traffic between you, Senderkit and your database is protected by TLS 1.2+. No unencrypted hops, ever.
Encryption at rest
Subscriber data, template content and API keys are stored encrypted at rest on Neon and Cloudflare R2.
Per-tenant database isolation
Every workspace connects its own Neon Postgres. Subscriber data lives in your database — SenderKit reads it only at send time.
Bring Your Own Database
Required on all plans. Connect Neon during onboarding — free tier works. Your data, your infrastructure, your control.
Authenticated sending
Send from your domain with SPF, DKIM and DMARC. No subdomain relays, no shared sender reputation.
Hashed credentials
Passwords are bcrypt-hashed. API keys are stored as SHA-256 hashes — we can never retrieve the raw value after creation.
Webhook signatures
Every webhook we send is signed; every Stripe webhook we receive is verified and idempotent.
Audit logs
Admin-sensitive actions (plan changes, key rotations, data deletions) are recorded to an append-only audit log.
Compliance without the enterprise theatre
Designed around GDPR, not around it.
For teams with stricter requirements, BYOD fundamentally reduces our role from data processor to infrastructure passthrough, dramatically simplifying your compliance story.
Security questions
What security teams ask us.
In your own Neon Postgres database. Senderkit reads it only at send time — we don't hold a persistent copy.
Responsible disclosure.
Found a vulnerability? Email senderkit@hatched.digital with the subject “Security report”. We reply within one business day.
Trust, built in
The honest platform for email.
First 200 emails on us · Your Neon database · Cancel anytime.