Recurring SMS implements enterprise-grade security measures.
Data Isolation:
✅ User-Level Separation:
- You can ONLY see your own campaigns
- Cannot view or modify other users’ campaigns
- Even if you guess campaign IDs
✅ Reseller Hierarchy:
- Resellers see their own campaigns
- Cannot access parent or child user campaigns
- Complete isolation maintained
Authentication & Authorization:
✅ Login Required:
- Must be logged in to access
- Session timeout after inactivity
- Auto-logout on suspicious activity
✅ CSRF Protection:
- All forms protected against Cross-Site Request Forgery
- Secure tokens on every action
- Prevents unauthorized commands
✅ Role-Based Access:
- Only users with SMS permissions
- Admins cannot access user campaigns directly
- Audit trail maintained
Cron Security:
✅ CLI-Only Execution:
- Cron runs only via command line
- Cannot be triggered from browser
- Prevents unauthorized execution
✅ Token Authentication:
- Unique secret token required
- Token stored securely
- Regular token rotation recommended
✅ Timeout Detection:
- 5-minute execution limit
- Automatic timeout alerts
- Prevents resource abuse
Data Protection:
✅ Encrypted Storage:
- Sensitive data encrypted at rest
- Secure transmission (HTTPS)
- Password protection
✅ Input Validation:
- All inputs sanitized
- SQL injection prevention
- XSS protection
✅ Rate Limiting:
- Prevents abuse
- API rate limits
- Protects against spam
API Security:
✅ Secure Communication:
- API keys never exposed
- Encrypted data transmission
- Proper authentication headers
Audit & Logging:
✅ Comprehensive Logging:
- All actions logged
- Timestamp and user tracking
- Cannot be modified by users
✅ Execution History:
- Complete audit trail
- Who created/modified campaigns
- When changes were made
Best Practices for Users:
✔ Strong Passwords:
- Use complex passwords
- Change regularly
- Don’t share credentials
✔ Logout When Done:
- Especially on shared computers
- Close browser after use
✔ Monitor Activity:
- Review execution reports
- Check for unexpected campaigns
- Report suspicious activity
✔ Secure API Keys:
- Don’t share with others
- Rotate if compromised
- Use different keys for test/prod
✔Review Permissions:
- Limit team member access
- Use role-based permissions
- Audit user access regularly
Compliance:
✅ GDPR Ready:
- Data deletion on request
- Export user data
- Consent management
✅ DLT Compliance:
- Template validation
- Mandatory sender ID
- Message template matching
Incident Response:
If you suspect security issue:
✓ Immediately:
- Change password
- Pause all campaigns
- Logout all sessions
✓ Contact Support:
- Report incident details
- Provide suspicious activity logs
- Follow guidance from support team
✓ Review Activity:
- Check execution reports
- Verify campaign settings
- Monitor credit usage