Enterprise-grade security for self-hosted notification delivery

Self-hosted deployment means customer PII never leaves your servers. AES-256 encryption, HMAC-signed webhooks, audit trails, and brute-force protection included.

Security & Compliance Suite

Security architecture, not security theatre

AES-256 encrypted SMTP and API credentials at rest
SHA-256 hashed API keys — plain text never stored
HMAC-SHA256 signed webhook payloads for tamper detection
Brute-force protection with progressive lockout (10/25 failures)
Soft-delete on all records for audit trail integrity
Self-hosted — customer PII never leaves your infrastructure

Compliance built into every layer

From encrypted storage to signed unsubscribe links — compliance is architecture, not an afterthought.

Data Sovereignty

Self-hosted deployment means you control where data lives. No third-party SaaS has access to your customer information.

Audit Logging

Every admin action logged with user, IP, action type, and payload. Queryable, exportable, and tamper-resistant.

Access Control

Admin authentication with brute-force protection. API keys with scoped permissions and independent rate limits.

Deploy on your own infrastructure today

Full control over your data, your compliance posture, and your notification pipeline.

Key Features

🔐

AES-256 Encryption

SMTP passwords, API secrets, and webhook signing keys encrypted at rest with Laravel's AES-256-CBC encryption.

🛡️

Brute-Force Protection

Progressive lockout after 10 and 25 failed login attempts. IP-based throttling with configurable cooldown periods.

📝

Comprehensive Audit Logs

Every admin action, API call, and notification event logged with timestamp, user, IP address, and full payload.

HMAC Webhook Signing

Outbound webhooks signed with HMAC-SHA256. Receiving systems can verify payload integrity using the shared secret.

🔗

Signed Unsubscribe

List-Unsubscribe headers with signed URLs. One-click compliance with email regulations — no authentication required.

🏠

Self-Hosted Control

Deploy on your VPS or shared hosting. No SaaS dependency, no per-send pricing, no data leaving your network.

Frequently Asked Questions

SMTP passwords and API secrets are encrypted with AES-256-CBC before storage in MySQL. API keys are SHA-256 hashed — the plain text is shown once at creation and never stored.

No. Notify is fully self-hosted. The only outbound connections are to your configured SMTP providers and webhook endpoints. No telemetry, no analytics, no SaaS callbacks.

The AuditLogger records every admin action with user ID, IP address, action type, entity references, and the full before/after payload. Logs are soft-deleted and can be exported from the admin panel.

Notify provides the technical controls (encryption, audit trails, access control, data sovereignty) that regulated environments require. Compliance certification depends on your broader infrastructure and policies.