warmbox/docs/15-security-and-compliance.md

1.9 KiB

Security & Compliance

Credential handling

Data Storage Access
Mailbox passwords AES-256-GCM encrypted Decrypt only in send/IMAP workers
AI API keys Env or encrypted settings Never returned in GET settings
API keys Env Header auth self-hosted

SaaS evolution

  • Per-tenant encryption keys (KMS)
  • Secrets rotation without re-entering passwords where OAuth applies
  • Audit log for credential access

Authentication roadmap

Phase Model
1 Optional single API key
2 Session auth for web UI
3 Multi-tenant JWT + RBAC

Roles (SaaS)

Role Permissions
Owner All + billing
Admin Campaigns, mailboxes
Viewer Read-only stats

Data privacy

  • Warmup email bodies may contain AI-generated business text — not PII by default
  • Store minimum content needed for thread continuity
  • Retention policy: 90 days for logs (configurable)
  • GDPR: export + delete workspace data

Transport security

  • TLS required for SMTP (587/465) and IMAP (993)
  • HTTPS for API and UI
  • No credential logging in Pino output

Abuse prevention (SaaS)

  • Rate limit API
  • Verify email domain ownership before warming (DNS TXT challenge)
  • Block disposable email domains for signup
  • Monitor outbound volume per tenant

Before public SaaS:

  • Terms of Service (user owns mailboxes, compliant use)
  • Privacy Policy
  • Acceptable Use Policy (no spamming prospects via warmup)
  • ESP ToS disclaimer

Incident response

Event Response
Credential leak Rotate ENCRYPTION_KEY, force password re-entry
ESP suspension Pause all campaigns for affected mailbox
AI generating harmful content Block send, alert operator

Compliance frameworks (future)

  • SOC 2 Type II (SaaS scale)
  • Not required for self-hosted FillCare deployment