Resend establishes policies and controls, monitors compliance with those controls, and proves the security and compliance to third-party auditors.

Our policies are based on the following foundational principles:

Compliance Standards

Data Protection

Product Security

Penetration testing

Resend engages with third-party firms to conduct penetration testing at least annually.

All areas of the Resend product and cloud infrastructure are in-scope for these assessments, and source code is fully available to the testers in order to maximize the effectiveness and coverage.

You can download the latest penetration test report on the Documents page.

Vulnerability scanning

Resend uses multiple vulnerability monitoring techniques including code-level scanning, dependency scanning, and security reviews to identify and remediate vulnerabilities.

Vulnerabilities are prioritized based on severity and risk, and are remediated according to the following schedule:

  • Critical: 15 Days
  • High: 30 Days
  • Medium: 90 Day
  • Low: 180 Days
  • Informational: As needed

Enterprise Security

Responsible Disclosure

To report a vulnerability, please check the guidelines on the Responsible Disclosure page.