Email Notifications
AllyProof sends email for two broad purposes: scan activity (new results, score drops, critical issues, weekly digest) and account / billing lifecycle. Delivery preferences split across two pages — your personal inbox at Account → Notifications and the org-wide recipient list at Settings → Notifications.
Email types
Scan activity
| Triggered when | |
|---|---|
| Scan complete | Any scan finishes (manual, scheduled, or API). Includes site name, new score, severity breakdown, the new-vs-resolved delta, and a link to the report. |
| Critical issues | New critical-impact violations detected. Separate email so you're not waiting on the scan-complete to notice them. |
| Weekly digest | Monday summary of every site in the org — scores, issue counts, new-this-week. Opt-in, per-user. |
Team
| Triggered when | |
|---|---|
| Welcome | First login. Shorter onboarding guide to get the first scan running. |
| Team invitation | You're invited into an org; includes the inviter, role, and accept link. |
| Invitation accepted | Sent to admins / owner when a new member accepts and joins — closes the loop so nobody has to ask “did they get my invite?” |
Billing lifecycle
These are always delivered to the org owner (and the Billing seat, if one exists). They're transactional and not subject to personal-preference toggles — see Billing & Plans for the full subscription lifecycle.
| Triggered when | |
|---|---|
| Subscription activated | Free → paid transition on first successful checkout. |
| Plan changed | Paid-to-paid transition (upgrade or downgrade). |
| Downgrade scheduled | A downgrade is queued for the end of the current billing period so you keep what you paid for until cycle end. |
| Cancellation scheduled | You cancelled — confirmation of the end-of-period stop date with a one-click resume link. |
| Renewal upcoming | Five to seven days before the next renewal charge fires, so you can update a card or adjust the plan first. |
| Payment failed | A renewal charge was declined. Includes amount, next retry date, and a direct link to update the card. |
Managing personal preferences
Your personal toggles live at Account → Notifications and apply only to your inbox:
| Setting | Default | Options |
|---|---|---|
| Scan complete | On | All scans · Scheduled only · Off |
| Critical issue alerts | On | All severity · Serious & above · Critical only · Off |
| Weekly digest | Off | On · Off |
Team and billing lifecycle emails are always delivered — they carry information a user needs regardless of preference.
Org-wide recipients and webhooks
Settings → Notifications is the admin-level page. From here you can:
- Add extra email addresses that should receive every scan-complete and critical-alert email for the org (useful for shared inboxes like
dev-alerts@…). - Configure the outbound webhook URL and its signing secret — see Webhooks for event schema and signature verification.
Unsubscribing
Every personal notification email carries a one-click unsubscribe link in the footer. Following it opts you out of the email category the link was attached to. You can re-enable any time from Account → Notifications.
Delivery
Application emails go out via Resend from notifications@allyproof.comwith SPF, DKIM, and DMARC configured. Authentication emails (sign-up confirmation, password reset) come via the Supabase auth SMTP pipeline and will arrive from a different sender. Delivery is non-blocking: a scan or billing event is persisted before the email is queued, so if a transient delivery failure happens you won't lose the record.