A transparent security program for webhook infrastructure.
InstaWebhook is built with a trust-first operating model. This page explains the controls currently implemented, the data subprocessors used, and the security practices customers can review before sending production traffic.
Current controls
- Application-level encryption for payloads and secrets
- Secure session cookies
- Native role-based access control
- Audit logs for sensitive actions
- Webhook signing support
- Rate and payload limits
- Data export and deletion controls
- BYO database least-privilege setup guide
Subprocessors
Polar.sh handles billing, checkout, subscription management, invoices, and billing portal. Resend handles transactional email delivery.
Security contact
To report a security concern, contact security@instawebhook.com with a clear description, affected endpoint, reproduction steps if available, and a safe contact method.