Security at VibeMail

Infrastructure Security

  • All data encrypted in transit using TLS 1.3
  • Database encryption at rest using AES-256
  • Hosted on SOC 2-compliant infrastructure (Vercel, Neon)
  • Regular security updates and patches
  • DDoS protection via Cloudflare

Application Security

  • Authentication via Clerk (OAuth 2.0, MFA support)
  • API rate limiting and abuse prevention
  • Input validation and sanitization
  • Regular dependency updates and vulnerability scanning
  • Secure session management

Email Security

  • SPF, DKIM, and DMARC authentication
  • Webhook signature verification
  • Bounce and complaint suppression
  • Anti-spam compliance (CAN-SPAM, GDPR)
  • Secure unsubscribe handling

Data Protection

  • No selling or sharing of customer data
  • GDPR and CCPA compliant
  • Regular backups with point-in-time recovery
  • Data retention policies and right to deletion
  • Secure payment processing via Stripe (PCI DSS Level 1)

Compliance

GDPR

Full compliance with EU data protection regulations

CCPA

California Consumer Privacy Act compliant

CAN-SPAM

Automated compliance with US email regulations

SOC 2

Infrastructure meets SOC 2 Type II standards

Report Security Issues

We take security seriously. If you discover a vulnerability, please report it responsibly.

Email: security@vibemail.com

We'll respond within 24 hours and work with you to resolve the issue.