Control-ready
PMH-SEC matrix, audit export, and compliance crosswalks — your attestation, our controls.
Security matrix
Managed appliance
Enterprise outbound infrastructure — operated for you or on your metal. KumoMTA control plane, prepaid credits, OmniFBL, and smoke-gated panel.
SOC 2-alignedHIPAA-ready designNIST CSF mappedSmoke-gated
Trust centerArchitecture
Caddy terminates TLS. Astro serves / and /app on postmta-hosted-web :4321. /v1* goes to the API. SMTP submission on postmta-hosted-smtp.

Why hosted appliance
PostMTA Hosted is contact-only enterprise. We operate the stack or install in your VPC. Separate from postmta.com DIY self-install.
PMH-SEC matrix, audit export, and compliance crosswalks — your attestation, our controls.
Security matrixNamed QA rows in MATRIX — live Kumo inject, credits ledger, and panel journeys.
Proof hubWe-operate managed stack or customer VPC on your metal — same appliance, honest scope.
Enterprise modelsProduct pillars
Hold → commit → void before every inject. Live Realtime wallet in the panel.
HTTP /v1/send, panel send, and SMTP AUTH all hit live kumod inject.
PMH-SEC control matrix on /trust/security. Prod smoke fails if lab flags stay on.
Provision/health after packaging. Not claimed until smoke-green.
Included feedback loop — not a separate upsell.
Seven-step wizard until first verified send — then full panel nav unlocks.
Security
RLS on workspace data. service_role stays on the BFF. JWT gate on /app when SSR is enabled.
Are you SOC 2 or HIPAA certified? No — we ship PMH-SEC controls and compliance crosswalks so your team can attest on your deployment.
Trust centerProof matrixRequest access for architecture fit — we operate or deploy on your VPC.