Security & Compliance

Authentication & access

Email verification required before access.
Secure sessions; sign‑out across devices.
OAuth for providers with token refresh and revocation handling.

Compliance

GDPR and CAN‑SPAM compliance for marketing emails.
Unsubscribe handling and suppression lists.
Data protection and retention best practices.