Security at Outliny

At Outliny, we understand that email and document templates often carry sensitive business and customer data. That’s why we built our platform with security-first principles and strict compliance frameworks to ensure your data remains safe, encrypted, and never exposed — not even to us.

Certified & Compliant

ISO 27001:2022 Certified
SOC 2 Type II Compliant
These certifications reflect our commitment to secure systems, employee practices, access controls, and operational resilience.

Zero Visibility Architecture

All customer data is encrypted at rest and in transit
No logs are stored by default
Outliny employees can’t access your templates or data — you’re always in control.

End-to-End Encryption

TLS 1.2+ for all data in transit
AES-256 encryption for data at rest
Secrets and keys stored securely using cloud-native vaults
Template variables and payloads are never persisted unless you opt-in

Granular Access Controls

Role-based access for template editing and deployment
Module-based templating for restricted shared components
Audit-friendly configuration (including for self-hosted instances)

Self-Hosting? You’re in Charge

Full control over data residency and storage
Internal network deployments behind your own firewall
Integrate with your existing authentication systems

Security Best Practices We Follow

Static code analysis on all releases
CI/CD with signed artifacts
Regular third-party penetration testing
Principle of least privilege applied across services

Data Handling Policy Highlights

No data is stored unless you opt in
No template parameters are logged
Logs (if enabled) are encrypted and kept short-lived
PDF and Email outputs are deleted immediately after rendering

Privacy-First Philosophy

Outliny was built with a simple rule: your data is your data. We don’t read it, we don’t sell it, or use it to train any models.
Read our full Privacy Policy

Questions About Security?

We’re happy to answer any specific security concerns or requirements. Reach out to us:
[email protected]