Reliable by design.
Secure by nature.
Your trust is our most valuable asset. Hooki is built on a modern architecture that protects your data and your clients' data at every stage.
Advanced Encryption
LUKS2 at-rest for the PostgreSQL database. AES-256-GCM for WhatsApp credentials in Redis. No sensitive data stored in plaintext.
EU Infrastructure
All servers are in the European Union (Madrid, IONOS). Full GDPR compliance. Public DPA available to sign.
Multi-Tenant Isolation
Each client operates in a completely separate logical environment. Row Level Security on PostgreSQL: impossible for one tenant to access another's data.
The system that never forgets. Zero data loss.
Persistent Message Queue
Webhook server offline? Messages enter the BullMQ queue and are automatically retried for 35 minutes with exponential backoff. Zero message loss.
Webhook Integrity with HMAC
Every payload to your systems is digitally signed. Verify the authenticity of every request with your secret key — no replay attacks possible.
const sig = req.headers['x-hooki-signature'];
if (verifyHmac(payload, secret, sig)) {
processMessage(payload);
}
"Security built into every data packet."
2FA
TOTP 2FA for every account.
Every user type — platform admin, agency member, client user — can enable TOTP two-factor authentication. Keys are encrypted at rest. Audit log tracks every access.
- Standard TOTP (Google Authenticator, Authy, 1Password)
- TOTP keys encrypted with AES-256-GCM
- Audit log of every authentication event
- Recovery codes for emergency access
GDPR Compliance.
We operate in full compliance with GDPR. We never sell data to third parties, we collect only the minimum necessary. Public DPA available to sign, transparent subprocessors list.