Letterbox

 Contact forms without the hassle

Security Procedures

Overview
  • Letterbox takes the security of your data and communications seriously.
  • We implement multiple layers of protection to safeguard your account and messages.
  • This page outlines our security practices, infrastructure, and how to report vulnerabilities.
Authentication
  • Passwords are securely hashed before storage. Letterbox never stores plaintext passwords.
  • Login attempts are rate-limited to prevent brute-force attacks.
  • API access requires valid API keys with associated request tokens.
  • API keys have expiry dates and can be disabled at any time.
  • Request tokens are short-lived and scoped to individual form submissions.
Data Encryption
  • All connections to Letterbox use TLS (HTTPS) encryption in transit.
  • Data at rest is encrypted in storage.
  • Internal communications between services are encrypted.
Infrastructure Security
  • Services are isolated with restricted network access between components.
  • Each service runs with minimal privileges following the principle of least access.
  • Infrastructure is updated regularly to address known vulnerabilities.
  • Access to production systems is restricted and audited.
Data Protection
  • Contact form messages are delivered to recipients and not retained longer than necessary.
  • Account data is stored only for the duration of the account's existence.
  • You can request deletion of your account and associated data at any time.
  • See our privacy policy for full details on data handling.
Spam & Abuse Protection
  • Incoming messages are analysed for spam using automated scoring.
  • Request tokens prevent unauthorised form submissions.
  • Domain verification ensures recipients have authorised their email addresses.
Vulnerability Disclosure
  • If you discover a security vulnerability, please report it to us responsibly.
  • Contact us directly rather than disclosing publicly.
  • We aim to acknowledge reports promptly and provide updates on remediation.
  • We appreciate responsible disclosure and will credit reporters where appropriate.
Security Contact
  • For security concerns, contact us via the contact page.
  • For urgent security issues, email us directly at the address listed on the contact page.