Security

Your Data is
Our Priority

Enterprise-grade security meets small-business simplicity. Encryption in transit, signed webhooks, built-in compliance tools, and automatic opt-out management — all included.

TLS Encryption

All data transmitted between your browser, our API, and carrier networks is encrypted via TLS 1.2+. No plaintext transmissions, ever.

JWT Authentication

Every API call is authenticated with short-lived JWT tokens. Refresh tokens are rotated automatically and stored securely.

Ed25519 Webhook Signing

Every webhook payload is signed with Ed25519. Verify the signature on your end to guarantee the event came from IgniteSMS, not an impersonator.

Role-Based Access

Control who can send campaigns, view reports, or manage billing. Admin, Manager, and Agent roles keep your account secure as your team grows.

Token Encryption at Rest

Third-party integration tokens (Square, Clover, Instagram) are encrypted at rest using Fernet (AES-128-CBC). Keys are never stored in code.

Reliable Infrastructure

Built on cloud infrastructure with automated backups, redundant message queuing via RabbitMQ, and in-memory caching for real-time performance.

Compliance Made Easy

Stay on the right side of regulations with built-in compliance features.

TCPA Compliance

  • Automatic STOP/HELP keyword processing
  • Consent timestamp logging for every subscriber
  • Quiet hours enforcement (configurable per timezone)
  • Double opt-in support for maximum protection
  • Required opt-out language in every broadcast

10DLC Registration

  • In-app 10DLC brand registration
  • Campaign use-case submission
  • Status tracking & rejection guidance
  • Sample privacy policy templates
  • Lower per-message costs with approved campaigns

How We Handle Your Data

Data Storage

Contact data and message logs are stored in encrypted databases. Integration credentials are encrypted at rest with Fernet encryption.

Data Deletion

Request a complete data export or deletion at any time. We remove your data within 30 days of account closure — no hostage data policies.

No Data Selling

We never sell, rent, or share your contact lists or message content with third parties. Your data is yours. Period.

Audit Logging

All account activity — logins, campaign sends, contact imports, settings changes — is logged for accountability and troubleshooting.

Security Questions?

Our team is happy to walk you through our security practices and compliance tools.

Contact Us Compliance Guide