Security

Security & Architecture

This page contains technical detail intentionally moved away from the marketing homepage.

Infrastructure

• Runtime: Cloudflare Workers API.
• Primary data store: Cloudflare D1.
• File storage and CSV import/export: Cloudflare R2.
• Queue processing: asynchronous worker jobs for import/enrichment tasks.

Authentication & Access Control

• Session-based authentication with token verification.
• Workspace-level membership checks on protected API routes.
• Role information retained per workspace membership.
• Logout invalidates session token server-side.

Data Protection

• Data stored in Cloudflare-managed services.
• Suppression and consent fields enforce do-not-contact controls in outreach routes.
• Email provider credentials can be configured per sending account and/or worker secrets.
• BYOK OpenAI key support via request header for user-funded AI generation.

Operational Guardrails

• Configurable free-tier caps for leads/day, AI requests/day, queue messages/day.
• R2 monthly caps enforced for storage, Class A operations, and Class B operations.
• Per-object upload size limits on R2 writes.
• Rate-limited login attempts and optional API key requirement for API access.

Compliance Notes

• Built with suppression and consent workflows suitable for GDPR-aware outbound processes.
• Users are responsible for lawful basis, contact permissions, and campaign policy compliance.
• Use suppression statuses and consent updates to avoid contacting opted-out recipients.