Security
Your Data Is Protected
BizPortal is built with security at every layer — from email reception to webhook delivery.
How We Protect Your Data
Encryption at Rest
All webhook secrets are encrypted using AES-GCM with a per-instance encryption key. Secrets are never stored in plaintext.
Encryption in Transit
All webhook URLs must use HTTPS. Private and loopback addresses are rejected at validation to prevent SSRF attacks.
HMAC-Signed Webhooks
Every webhook payload includes an X-Webhook-Signature header so your application can verify authenticity.
Source IP Enforcement
Configure trusted CIDR ranges to restrict which IP addresses can deliver email to your BizPortal address.
Secrets Never Logged
Webhook secrets and sensitive data are stripped from all server logs and audit trails by design.
Passwordless Authentication
No passwords to leak or manage. Login uses email OTP — one-time codes that expire after use.
Dead-Letter Queue
Failed webhook deliveries are preserved in a dead-letter queue for inspection and replay — nothing is silently lost.
Delivery Audit Trail
Every email event is recorded with sender, recipient, delivery status, and timestamp for full traceability.
Ready to Automate Your Business Emails?
Get started in minutes and turn every critical email into a signed webhook event.
BizPortal