For enterprise & on-premise teams

Your data. Your network. Your audit trail.

Q: What does the deployment topology look like for production?

Standard Laravel: app servers behind LB, MySQL primary + replica, Redis cache/queues, dedicated queue workers for campaign sender. Stateless app tier; horizontal scale.

Q: How does AcelleMail handle subject access requests under GDPR?

Data lives in your MySQL. CLI export command ships; portal-style self-serve SAR ships as a ~100-line plugin. Audit log entries are pseudonymised during right-to-delete.

Q: What about air-gapped or restricted-egress environments?

Fully supported. License is one-time check; updates ship as ZIPs you can mirror. Only outbound traffic is to your chosen SMTP backend.

Q: Is the source code reviewable by our security team before procurement?

Yes. License includes full source. Your team can read every line, run SAST/DAST against staging, pin a specific git revision after review.

Q: What support tier is available for enterprise installs?

CodeCanyon ticket-based per-license. Production-incident escalation + named-account-manager are custom engagements; contact us with SLA requirements.

AcelleMail is a Laravel application you install on your own infrastructure. Subscriber records, send history, tracking pixels, audit logs — all live on hardware you control. Native role-based access control, activity-log audit trail, plan-based quotas for departmental gating, and the same one-time licensing that lets your CFO sign off without a recurring-revenue line item. The compliance posture is “you are the email vendor.”

Buy Extended License — $199 Talk to a human →

Data residency by default

Self-hosted means your DPO’s job got easier.

Subscriber data, campaign content, send history, tracking events, audit logs — all stored in a MySQL database on infrastructure you control. EU-only hosting for EU customers, US-only for US customers, on-prem for air-gapped environments. The bundled Amazon SES driver supports any SES region; switching from us-east-1 to eu-west-1 is one config field change. There is no third-party Data Processing Agreement to sign with the email vendor — you are the email vendor for your end customers.

Schrems II concerns about US-cloud-hosted SaaS evaporate when the application is on hardware your DPO already approved. Same with the FedRAMP / IL5 / BSI C5 conversation: AcelleMail sits inside whatever environment your security team has already cleared, doesn’t introduce a new third-party processor, and doesn’t require new sub-processor disclosures to your customers.

Enterprise-shaped feature surface

RBAC. Audit. Quotas. The three controls compliance asks about first.

Role-based access control

Native RBAC: Roles, RolePermissions, User-Role joins. Roles are global (admin-wide) or scoped per Customer (department, business unit, regional team). Permission sets are granular — campaign create, list export, sending-server config, plan management. New roles are admin-defined; no need to rebuild the model when your org chart changes.

Activity-log audit trail

Every customer-facing and admin-facing action writes an entry to activity_logs: who did what, when, against which resource. Subscription changes, customer actions, plan-change events, campaign sends, manual subscriber edits. Per-customer audit view for the customer’s own log; admin-wide audit view for the security team’s log. Retention is your call — rows live in your database, your archival policy applies.

Plan-based quotas & entitlements

Each Plan carries four sets of limits: credits, quotas, entitlements, rate-limits. Quotas gate static resource counts (lists, subscribers, automations). Entitlements gate features (allow custom sending server, allow programmatic API access). Rate limits gate per-window send volume. Departmental gating in a multi-tenant install: Engineering on a high-quota plan, Marketing on the bulk-promotional plan, Customer Support on a transactional-only plan.

GDPR right-to-delete cascade

When a subscriber exercises the right to delete, the cascade runs: the subscriber row is purged, send-history rows are anonymised, the unsubscribe is propagated to any connected ad-platform audiences (Facebook, Google) so the email isn’t recreated downstream. Audit-log entry preserves the action (subject ID hashed) so the deletion itself is documented for the compliance trail.

Custom sending servers (private SES, Postal, Exim)

Run sends through a private Amazon SES identity, an on-prem Postal MTA, an internal Exim relay, or any combination. New sending vendors ship as a one-class sending-driver plugin. Useful when corporate policy requires all outbound mail to traverse an internal SMTP relay, or when DLP scanning happens on the egress path.

Standard stack — Laravel, MySQL, Redis

PHP 8.2+, MySQL 5.7+ / MariaDB 10.3+, Redis (optional, for cache and queues). Standard Linux server. Your platform team already runs this stack — no new database engine, no new runtime, no new container orchestration to introduce. Same backup, monitoring, scaling, and patching playbooks apply. Eleven developer docs walk every extension surface.

What we don’t ship today

No SAML / LDAP / SSO in the base install.

Authentication ships with email/password plus Google + Facebook OAuth. SAML, LDAP, OIDC enterprise SSO, Azure AD / Okta — none of that is in the base install. If your security team requires SAML before approving any new application, AcelleMail is not turn-key for that requirement today.

The plugin path is open: an auth-driver plugin against the existing Laravel auth stack is feasible in the same shape as the sending-driver pattern — one class, register the driver, point your IdP at the SAML endpoint the plugin exposes. Several customers have written internal SAML adapters this way; we don’t ship a maintained reference plugin for it today, and we don’t want to oversell what isn’t in the box.

If SAML is a hard gate: talk to us before purchasing. We’d rather flag the gap up front than have you find it during procurement review.

Licensing your CFO will recognise

One-time license. Capex, not opex.

The Extended License at $199 covers commercial redistribution and the plugin SDK — the right tier for an internal enterprise install where you may also build branded variants for subsidiaries or business units. One purchase order, one accounting line, software updates included for the supported version’s lifetime. No per-seat creep, no per-subscriber inflection at scale, no annual contract negotiation.

Send-volume cost lives separately on whichever SMTP backend you chose — Amazon SES at $0.10 per 1,000 emails, on-prem Postal at zero marginal cost, internal Exim relay at zero marginal cost. The expense line is “the email sends we actually made,” not “the platform tier we’re budgeted to.”

Enterprise-specific FAQ

Real questions from procurement & security review.

What does the deployment topology look like for production?

Standard Laravel topology: one or more application servers behind a load balancer, MySQL primary + read replica, Redis for cache and queues, dedicated queue workers for the campaign sender. Stateless app tier — horizontal scale is “add another app server.” The send pipeline is queue-driven so worker fleet scales with peak send volume independent of the web tier. Same shape as a typical Laravel SaaS deployment.

How does AcelleMail handle subject access requests under GDPR?

The data is in your MySQL — subscriber row plus per-campaign send-history join is the SAR payload. A small CLI export command exists; for a portal-style self-serve SAR flow, the plugin pattern is straightforward (~100 lines: a customer-facing controller that authenticates the subject, queries the data, returns CSV/JSON). The audit log itself is also subject to SAR; pseudonymisation of the audit-log entries during right-to-delete is the design we ship.

What about air-gapped or restricted-egress environments?

Fully supported. The application has no required outbound dependency on AcelleMail’s servers post-install — license activation is a one-time check, software updates ship as ZIP files you can mirror internally. The only outbound traffic in normal operation is to the SMTP backend you chose; if that’s an internal Exim relay or on-prem Postal, total outbound from the AcelleMail install is the relay traffic. Suitable for IL5-style restricted environments after standard hardening.

Is the source code reviewable by our security team before procurement?

Yes. The license includes full source — not just runnable bytecode. Your security team can read every line, run static analysis, run their own SAST/DAST against a staging install, and pin a specific git revision after review. The codebase is conventional Laravel; reviewers familiar with Laravel applications generally complete a first-pass review in days, not weeks.

What support tier is available for enterprise installs?

CodeCanyon’s support is per-license, ticket-based, response-time targeted in business hours. Production-incident escalation, scheduled-call-with-engineering, named-account-manager — that’s a custom support engagement. Contact us with your scale and SLA requirements; we’ll quote an engagement that matches.

Self-hosted. Audited. Yours.

Extended License $199 includes commercial redistribution + the plugin SDK. Lifetime updates. Talk to us before purchase if you need a custom support engagement or a SAML / SSO scoping conversation.

Get AcelleMail — $199 Talk to a human