Security controls before credentials, payloads, or production traffic.
InstaWebhook is designed for teams that need operational visibility without ignoring data handling risk. The platform includes encrypted storage, scoped access controls, audit logs, rate limits, payload limits, secret rotation, export controls, deletion controls, and optional BYO database workflows.
Data storage modes
Hosted storage mode stores encrypted payloads in InstaWebhook-managed PostgreSQL. BYO database mode stores payloads in a customer-controlled PostgreSQL schema while InstaWebhook provides the management experience and worker visibility.
Credential handling
Connection strings and signing secrets are encrypted before storage, never displayed in full after saving, and can be rotated or deleted from the dashboard.
Least privilege
BYO database setup uses a dedicated schema and dedicated database user. The setup guide explains each permission before credentials are entered.
Audit logs
Security-sensitive actions are recorded with actor, timestamp, target, and metadata. Payload bodies and raw secrets are never written to audit logs.
Deletion and export
Customers can export operational records, delete stored payload bodies, rotate endpoint tokens, disconnect BYO database connections, and request organization deletion.