1. Our Approach to Security
At iPendio, security is not a feature – it is a foundational principle embedded into every layer of our
architecture. We process sensitive financial data on behalf of multi-location businesses, and we treat that
responsibility with the rigor it demands. Our security program encompasses technical controls,
organizational policies, and continuous monitoring.
Encryption
TLS 1.3 for all data in transit. AES-256 encryption at rest for databases, file storage, and backups.
Encryption keys managed via AWS KMS with automatic rotation.
Email Authentication
SPF + DKIM (2048-bit) + DMARC (p=reject) enforced on every outbound message. Dedicated sending IP
with established reputation. No shared sending infrastructure.
Infrastructure
Hosted on AWS (us-west-2, Oregon) with multi-AZ deployment, auto-scaling, continuous backups, and
disaster recovery procedures tested quarterly.
Monitoring
24/7 infrastructure monitoring with automated alerts. Real-time bounce and complaint tracking. Volume
anomaly detection with automatic holds and ops review.
2. Security Practices
Access Controls
- Role-Based Access Control (RBAC) across the entire platform – users, administrators, and internal staff.
- Principle of least privilege enforced for all data access, including production databases and sending
infrastructure.
- Multi-Factor Authentication (MFA) mandatory for all administrative accounts and available for all users.
- Session management with automatic timeout after 30 minutes of inactivity.
Data Protection
- Data classification system: Confidential (financial records, PII), Internal (usage analytics), Public
(marketing materials).
- Encryption at rest (AES-256) and in transit (TLS 1.3) for all classified data.
- Database access restricted to application layer – no direct access from external networks.
- Automated data retention enforcement with secure deletion procedures.
Application Security
- Secure development lifecycle (SDLC) with mandatory code review for all changes.
- Dependency scanning with automated alerts for known vulnerabilities.
- Regular penetration testing by qualified third-party assessors.
- Input validation, parameterized queries, and output encoding to prevent injection and XSS attacks.
3. Infrastructure Details
Cloud Hosting
iPendio operates on Amazon Web Services (us-west-2, Oregon) with multi-Availability Zone
deployment. Our infrastructure includes:
- Auto-scaling compute instances behind an Application Load Balancer.
- Managed PostgreSQL databases (RDS) with automated daily backups and point-in-time recovery.
- S3 object storage with versioning and AES-256 server-side encryption for document storage.
- CloudWatch monitoring with custom alarms for latency, error rates, and resource utilization.
Email Delivery
Transactional notifications are delivered through Mailgun (Sinch) via authenticated SMTP
relay:
- Dedicated IP address – not shared with other senders.
- Average daily volume: approximately 10,000 transactional emails.
- Spam complaint rate: < 0.03% (target < 0.05%).
- Bounce rate: < 1.4% (target < 2%).
- All messages authenticated with SPF, DKIM, and DMARC (p=reject).
- IP warm-up and reputation management handled in-house with gradual volume scaling.
4. Email Practices (Detailed)
This section provides a comprehensive overview of how iPendio manages outbound email operations to maintain
deliverability, compliance, and trust.
Recipient Verification
Every recipient email address belongs to a registered platform user who completed identity verification
during onboarding. User accounts are created through one of two paths: direct registration with email
verification, or administrator invitation with acceptance link. No third-party or purchased lists are ever
used.
Suppression List Management
We maintain a centralized suppression list that is checked before every send operation. Addresses are added
to the list automatically upon:
- Hard bounce (permanent delivery failure)
- Spam complaint via ISP feedback loop
- Manual opt-out via notification preferences
- Account closure or user deactivation
Suppressed addresses are never re-activated without verified, explicit fresh consent.
Bounce & Complaint Workflows
- Hard bounces: Address immediately suppressed. If a single client exceeds 5% bounce
rate, sending for that account is paused pending data quality review.
- Soft bounces: Retried up to 3 times over 24 hours. If delivery continues to fail, the
address is moved to suppression.
- Complaints: Address immediately suppressed. Root cause analysis within 24 hours. If a
single client exceeds 0.1% complaint rate, sending is suspended.
Feedback Loop (FBL) Monitoring
iPendio subscribes to feedback loops offered by major ISPs (Yahoo, AOL/Verizon, Comcast, etc.). Every
complaint signal is ingested automatically, the recipient is suppressed, and a review ticket is created for
our operations team.
Rate Limiting & Anomaly Detection
Built-in rate limiters prevent any single account or feature from generating excessive volume. If sending
volume for any client or globally exceeds the established baseline by more than 200%, an automatic hold is
triggered and our operations team reviews the activity before releasing further messages.
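The suppression, bounce, complaint and volume-hold rules described above can be expressed as one pass over a day's send events. This is an added illustration, not iPendio's code: the function names, event tuple shape and sample data are constructed, the 24-hour retry window is not modelled, rates are assumed to be computed over attempted sends, and "more than 200% above baseline" is read as over three times the baseline.

```python
from collections import defaultdict

HARD_BOUNCE_PAUSE = 0.05    # per-client hard-bounce rate that pauses sending
COMPLAINT_SUSPEND = 0.001   # per-client complaint rate that suspends sending
SOFT_RETRY_LIMIT = 3        # soft-bounce retries before suppression
VOLUME_HOLD_FACTOR = 3.0    # assumption: "baseline + more than 200%" = over 3x baseline

def evaluate(events, baseline):
    """events: (client, recipient, outcome) in send order; baseline: client -> usual volume."""
    suppressed, soft_failures = set(), defaultdict(int)
    stats = defaultdict(lambda: defaultdict(int))
    for client, rcpt, outcome in events:
        if rcpt in suppressed:              # list is checked before every send
            stats[client]["blocked"] += 1
            continue
        stats[client]["sent"] += 1
        stats[client][outcome] += 1
        if outcome in ("hard_bounce", "complaint"):
            suppressed.add(rcpt)            # immediate suppression
        elif outcome == "soft_bounce":
            soft_failures[rcpt] += 1
            if soft_failures[rcpt] > SOFT_RETRY_LIMIT:   # first try + 3 retries failed
                suppressed.add(rcpt)
    actions = {}
    for client, s in stats.items():
        sent, flags = s["sent"], []
        if sent and s["hard_bounce"] / sent > HARD_BOUNCE_PAUSE:
            flags.append("pause:bounce_rate")
        if sent and s["complaint"] / sent > COMPLAINT_SUSPEND:
            flags.append("suspend:complaint_rate")
        if sent > VOLUME_HOLD_FACTOR * baseline.get(client, sent):
            flags.append("hold:volume_anomaly")
        actions[client] = flags
    return suppressed, actions

def sample_events():
    """Constructed sample data, not real delivery logs."""
    ev = [("acme", f"user{i}@example.com", "delivered") for i in range(94)]
    ev += [("acme", f"gone{i}@example.com", "hard_bounce") for i in range(6)]
    ev += [("acme", "gone0@example.com", "delivered")]     # blocked: already suppressed
    ev += [("beta", "full@example.net", "soft_bounce")] * 4
    ev += [("beta", "angry@example.net", "complaint")]
    ev += [("beta", f"ok{i}@example.net", "delivered") for i in range(35)]
    return ev

if __name__ == "__main__":
    print(evaluate(sample_events(), {"acme": 100, "beta": 10}))
```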
Access Control to Sending (RBAC)
Email template modifications, sending rule changes, and recipient list adjustments require role-based
authorization. Only designated operations staff can modify these settings, and every change requires
explicit approval from a second authorized person. All modifications are logged.
Audit Trail
- Email delivery logs retained for 90 days.
- Template and rule change logs retained indefinitely.
- Application access logs retained for 12 months.
- All logs are tamper-resistant and available for compliance review upon request.
How to Report Abuse
If you believe you've received an unwanted or abusive message from iPendio, contact us at abuse@ipendio.com. We acknowledge abuse reports within 24 hours and
provide resolution within 5 business days.
5. Incident Response
iPendio maintains a documented incident response plan with the following stages:
- Detection (0–30 min): Automated monitoring or manual report triggers incident
classification (Critical, High, Medium, Low).
- Containment (30 min–2 hrs): Affected systems are isolated. Sending may be paused if the
incident involves email infrastructure.
- Investigation (2–24 hrs): Root cause analysis performed by the engineering and security
team. Evidence preserved for audit.
- Resolution (24–72 hrs): Fix deployed, systems restored, and validation testing
completed before resuming full operations.
- Post-Incident Review (within 7 days): Written report with root cause, impact
assessment, remediation steps, and preventive measures shared with affected clients.
GDPR notification commitment: If a data breach involves personal data of EU residents, the
relevant supervisory authority will be notified within 72 hours. Affected individuals will be notified
without undue delay if the breach is likely to result in a high risk to their rights and freedoms.
6. Logging & Audit Trail
| Log Type | Retention Period | Access |
| --- | --- | --- |
| Email delivery logs | 90 days | Operations team (read-only) |
| Application access logs | 12 months | Security team (read-only) |
| Change management records | Indefinite | Compliance team |
| Security incident logs | 24 months | Security team |
| Client data access logs | 12 months | Compliance + Engineering leads |
All logs are stored in append-only, tamper-evident storage. Privileged access to logs requires MFA and is
itself logged.
7. Compliance
iPendio's operations align with the following regulatory frameworks:
- GDPR (General Data Protection Regulation) – Data subject rights, lawful processing
bases, DPA with sub-processors, 72-hour breach notification.
- CCPA (California Consumer Privacy Act) – Right to know, right to delete, right to
opt-out of sale (we do not sell data), non-discrimination.
- CAN-SPAM Act – Truthful headers, non-deceptive subjects, valid physical address, honor
opt-out requests within 10 business days.
- CASL (Canadian Anti-Spam Legislation) – Express or implied consent for all messages
sent to Canadian recipients, identification requirements, unsubscribe mechanisms.
8. Responsible Disclosure
We welcome responsible security research. If you discover a vulnerability in the iPendio platform, please
report it responsibly:
- Email: security@ipendio.com
- Acknowledgment: We will acknowledge receipt of your report within 48
hours.
- Assessment: We will complete an initial assessment within 5 business
days and keep you informed of progress.
- No retaliation: We will not pursue legal action against researchers who act in good
faith and follow responsible disclosure practices.
- Recognition: With your permission, we may credit you in our security acknowledgments.
Please do not access, modify, or delete data belonging to other users. Do not disclose the vulnerability
publicly until we have had reasonable time to address it.
9. Contact
For security-related questions, vulnerability reports, or compliance inquiries:
iPendio, Inc. – Security & Compliance
580 Howard Street, Suite 210
San Francisco, CA 94105
Security: security@ipendio.com
Privacy: privacy@ipendio.com
Abuse: abuse@ipendio.com
Phone: +1 (415) 829-7143