Your data, your
control — always
Posthawk is built with security at its core. Self-host for complete control, or use our cloud with enterprise-grade isolation. Full control over your email infrastructure.
Encrypted
Trackers
Control
Self-Hostable
Security by default
Encryption at Rest & In Transit
All data is encrypted using AES-256 at rest and TLS 1.3 in transit. API keys are hashed before storage — never stored in plaintext.
Row-Level Security
Every database query is scoped to your workspace using Supabase RLS policies. Data isolation is enforced at the database level, not just the application layer.
Minimal Content Retention
Email content is stored only for debugging and can be disabled. Metadata like timestamps, recipients, and delivery status are kept for your records. Self-hosted users control retention policies entirely.
MFA & API Key Isolation
Accounts are protected with optional TOTP-based two-factor authentication. Each API key is bcrypt-hashed and scoped to a single workspace. Keys can be rotated or revoked instantly.
No Telemetry or Tracking
Posthawk sends zero telemetry, analytics, or usage data back to us. Your infrastructure is yours alone — no phone-home behavior, ever.
Self-Hosted by Design
Deploy on your own servers with full control over your data, network, and encryption keys. No vendor lock-in, no data leaving your perimeter.
What powers Posthawk
Battle-tested stack
Posthawk is built on PostgreSQL, Redis, and AWS SES — proven technologies trusted by millions of applications. Supabase provides row-level security and encrypted vault storage out of the box. No custom crypto, no experimental databases.
Every component is containerized and stateless, making it simple to deploy behind your existing firewall, VPN, or private network. Your email infrastructure stays within your security perimeter.
Security Stack
Your data, handled right
Data Residency
Self-hosted deployments keep all data in your chosen region. Cloud users benefit from EU-based infrastructure with configurable SES regions.
Credential Management
SMTP credentials, API keys, and webhook secrets are stored in Supabase Vault — encrypted at rest and never exposed in API responses.
Audit Trail
Every email event — sent, delivered, bounced, complained — is logged with timestamps. Full visibility into your email pipeline for compliance needs.
Compliance Ready
Self-hosted Posthawk gives you full control for GDPR, HIPAA, and SOC 2 requirements. No third-party data processors beyond your own infrastructure.
Full control, by design
Your infrastructure, your control
Posthawk is designed to run on your own servers. Every component is containerized and stateless, giving your team full visibility into the email pipeline.
No hidden dependencies, no phone-home behavior. Deploy behind your firewall, VPN, or private network with complete control over your data flow.
Deploy with confidence
Self-host on your own infrastructure in minutes. Docker Compose deployment with full control over configuration, networking, and data.
Self-Hosting GuideReady to take control?
Deploy Posthawk on your own infrastructure in minutes. Full control over your email data, no compromises.