Posthawk
Security

Your data, your control — always

Posthawk is built with security at its core. Self-host for complete control, or use our cloud with enterprise-grade isolation. Every line of code is open source and auditable.

End-to-End Encrypted

Zero Trackers

MIT Licensed

100% Self-Hostable

Built-In Protections

Security by default

Encryption at Rest & In Transit

All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys are hashed before storage — never stored in plaintext.

Row-Level Security

Every database query is scoped to your workspace using Supabase RLS policies. Data isolation is enforced at the database level, not just the application layer.

No Email Content Logging

Email bodies are never persisted in logs or analytics. Only metadata such as timestamps, recipients, and delivery status is stored for your records.

API Key Isolation

Each API key is scoped to a single workspace with configurable permissions. Keys can be rotated or revoked instantly without affecting other integrations.

No Telemetry or Tracking

Posthawk sends zero telemetry, analytics, or usage data back to us. Your infrastructure is yours alone — no phone-home behavior, ever.

Self-Hosted by Design

Deploy on your own servers with full control over your data, network, and encryption keys. No vendor lock-in, no data leaving your perimeter.

Infrastructure

What powers Posthawk

Battle-tested stack

Posthawk is built on PostgreSQL, Redis, and AWS SES — proven technologies trusted by millions of applications. Supabase provides row-level security and encrypted vault storage out of the box. No custom crypto, no experimental databases.

Every component is containerized and stateless, making it simple to deploy behind your existing firewall, VPN, or private network. Your email infrastructure stays within your security perimeter.

Security Stack

Database: PostgreSQL via Supabase with RLS
Secrets: Supabase Vault (encrypted at rest)
Email Transport: AWS SES with TLS enforcement
Queue: BullMQ + Redis (in-memory, ephemeral)
Auth: Supabase Auth with JWT + PKCE
API Keys: SHA-256 hashed, workspace-scoped

Data Handling

Your data, handled right

Data Residency

Self-hosted deployments keep all data in your chosen region. Cloud users benefit from EU-based infrastructure with configurable SES regions.

Credential Management

SMTP credentials, API keys, and webhook secrets are stored in Supabase Vault — encrypted at rest and never exposed in API responses.

Audit Trail

Every email event — sent, delivered, bounced, complained — is logged with timestamps. Full visibility into your email pipeline for compliance needs.

Compliance Ready

Self-hosted Posthawk gives you full control for GDPR, HIPAA, and SOC 2 requirements. No third-party data processors beyond your own infrastructure.

Open Source

Every line is auditable

Transparency you can verify

Posthawk is fully open source under the MIT license. Every line of code — from API routes to database migrations to email processing logic — is publicly available for audit.

No obfuscated binaries, no proprietary modules, no hidden network calls. Your security team can review the entire codebase before deploying to production.

Audit the source

Browse the full source code, review security-critical paths, or fork the repository for your own security review process.

Ready to take control?

Deploy Posthawk on your own infrastructure in minutes. Full control over your email data, no compromises.
