Axel
Sign inSign up free
Security

Built so the on-call engineer sleeps through the night.

Webhook traffic carries some of the most sensitive data in your stack — payment events, identity changes, access grants. Axel is engineered like the systems your security team is already comfortable with.

Request security review Read the docs
What we promise

Six guarantees you can hold us to today.

Every item below is implemented and tested in the codebase — not aspirational. We'd rather under-promise and ship than ride a marketing slide deck.

Tokens never stored in plaintext

Source ingest tokens are stored as SHA-256 hashes. Validation is constant-time. Tokens are never written to logs or audit trails — only their hash prefix.

SHA-256

Payloads encrypted in transit & at rest

TLS 1.2+ on the edge. Cloudflare R2 encrypts every object at rest. ClickHouse logs are stored in customer-managed encryption keys when self-hosted.

TLS 1.2+

Sandboxed transform code

Customer route filters and transforms run in isolated Worker threads with V8 resource limits, 250ms wall-clock timeouts, and no network or filesystem access. Per-process semaphore prevents noisy-neighbor.

0 egress

Tenant isolation by workspace_id

Every Postgres row, ClickHouse partition, and queue message is keyed by workspace_id. The dashboard enforces workspace scope on every query — there's no path to read a sibling tenant's data.

every row

Bounded payload retention

Raw payloads in R2 are kept 30 days for replay. Event traces in ClickHouse have a 30-day TTL, dead letters are kept one year, and the audit log ten years. Caps are enforced by scheduled drains, not best-effort.

30 days

Audit log on every privileged action

Workspace creation, member invites, role changes, source mutations and destination writes are all recorded with actor + timestamp in an append-only audit log.

append-only
Roadmap

The compliance work, sequenced honestly.

We'd rather you see the plan than a logo soup. Here's where the security work sits today, and where it's going next.

  • ShippedTLS edge, hashed tokens, sandboxed transforms, audit log
  • ShippedPer-source rate limits, body & depth caps, idempotent fan-out
  • ShippedEgress guards on every destination connector — private-network and SSRF targets rejected, including connection tests
  • ShippedVersioned signing secrets bound to their source, constant-time sign-in, fail-closed ingest
  • ShippedRelease gate: every version passes a deterministic check suite plus an adversarial audit before deploy
  • In flightSelf-serve GDPR erasure for data-subject requests
  • Q3 2026SOC 2 Type I report (in observation now)
  • Q4 2026BYO-cloud option for regulated workloads
  • 2027SOC 2 Type II + ISO 27001

Have a security question?

We respond to security@axelapp.ai within one business day. Vulnerability reports get a same-day acknowledgement and a fix or mitigation timeline within 72 hours.

Email security@axelapp.ai Pricing