SendOps
Sign inGet Started

Security

Security by architecture, not just policy.

SendOps is a control plane — it never touches your email content or sits in your sending path. Your data stays in your AWS account. We manage the configuration, not the payload.

Architecture

Data isolation by design

The single most differentiating aspect of SendOps's security model is architectural. We don't handle email — we handle configuration.

Control plane only

SendOps configures and monitors SES — it does not send, receive, relay, or proxy email. All email flows directly through SES in your AWS account.

Your AWS account, your resources

SES configuration sets, identities, and EventBridge rules are provisioned inside your AWS account. You maintain full ownership and control. If you stop using SendOps, your resources stay.

No access to customer databases

SendOps never connects to your databases, mailing lists, or subscriber data.

Recipient address handling

Recipient email addresses are stored in plaintext within the search index (scoped per account) to enable per-message lookup. For analytics and aggregate reporting, addresses are stored as irreversible hashes.

Credential scoping

We use IAM roles with least-privilege permissions. You define the access boundary through the IAM policy you attach to the cross-account role.

Infrastructure

Where things run

  • Hosting: Hetzner Online GmbH (Germany) and Amazon Web Services (United States).
  • Encryption in transit: TLS 1.2+ on all external connections.
  • Encryption at rest: All databases, backups, and stored credentials are encrypted at rest.
  • Network isolation: Production systems are segmented behind firewalls and security groups with restricted access.
  • Patch management: Regular updates to OS, dependencies, and application code.

Access Control

Authentication & access

Your account

  • Session-based authentication with secure, server-side session storage. Sessions are not stored in cookies or client-side storage.
  • Role-based access control for Authorized Users within your organization.

Our systems

  • Multi-factor authentication required for all administrative access to production.
  • Unique accounts for all personnel — no shared credentials.
  • Principle of least privilege across all internal systems.

Data Handling

What we store, and for how long

  • Minimal data footprint. We collect only what's needed to operate the Service — account info, usage data, recipient addresses for search, hashed addresses for analytics, and billing references.
  • AWS credentials. Stored with application-level encryption. Never logged, never exposed in plaintext.
  • Analytics retention by plan. Data is permanently deleted after the retention window.

Free

7 days

Team

90 days

Business

1 year

  • Account deletion. Full deletion of account data upon closure, with ordered cascade across all stores.

Compliance

Legal & regulatory

SendOps is operated by AltaCoda LLC, a Delaware limited liability company. We comply with applicable data protection laws including GDPR and CCPA/CPRA.

  • GDPR. We act as a data processor when handling personal data on your behalf. Our DPA includes Standard Contractual Clauses (Module 2) for EEA, UK, and Swiss data transfers. Sub-processor list published at sendops.dev/subprocessors.
  • CCPA/CPRA. We do not sell or share personal information. Our DPA includes CCPA service provider certification.
Document Link
Terms and Conditions sendops.dev/terms
Privacy Policy sendops.dev/privacy
Data Processing Addendum sendops.dev/dpa
Sub-processor List sendops.dev/subprocessors

Incident Response

When things go wrong

  • Documented incident response procedures for identifying, containing, and remediating security incidents.
  • Personal Data Breach notification within 72 hours, as required by GDPR and committed in our DPA.
  • Post-incident review and remediation for all security events.

Vendor Management

Sub-processor oversight

  • Due diligence conducted on all sub-processors before engagement, evaluating their security practices and data protection controls.
  • Contractual data protection obligations imposed on every sub-processor.
  • 30-day advance notice of sub-processor changes, with objection rights for customers.
  • Full sub-processor list published at sendops.dev/subprocessors.

Responsible Disclosure

Found a vulnerability?

We're grateful to security researchers who help keep SendOps safe. If you've found a vulnerability, please reach out privately before public disclosure.

  • We acknowledge reports within 2 business days.
  • We work to understand and validate the reported issue.
  • We will not take legal action against researchers acting in good faith.
  • We ask for reasonable time to remediate before public disclosure.
security@sendops.dev

Transparency

What we don't do

  • We don't send email on your behalf.
  • We don't expose recipient addresses beyond account-scoped search.
  • We don't access your customer databases.
  • We don't sell or share your data.
  • We don't store full payment card numbers.
  • We don't impose directory structures on your repositories.