Communication Best Practices

Sending passwords, full tokens, card details, or excessive personal data in emails exposes that data to email providers, forwarding recipients, and anyone with inbox access.

Email and SMS endpoints without rate limiting can be abused to spam users or drain your sending budget through automated requests.

Push notification payloads are visible on the lock screen and logged by notification services — don't include account numbers, balances, or personal identifiers.