Connect the tools you already use.
Everything GrowthMatic plugs into today — and what we're adding next. We mark roadmap items honestly so you know exactly what's live on day one.
Email delivery
Amazon SES
Default outbound transport. DKIM-signed and DMARC-aligned under our verified sender domain. Bounce + complaint events stream back via SNS webhooks and auto-add to the workspace's suppression list.
BYO SMTP
Bring your own SMTP server per-workspace. One-click quick-fill presets for Postmark, SendGrid, Mailgun, AWS SES, Resend, Brevo, Google Workspace, and Microsoft 365 — or paste host + port for anything else (your own ISP, Zoho, FastMail, custom relays). Outreach for that workspace sends via your transport instead of our shared SES pool. SMTP password is encrypted at rest with AWS KMS; a 'verify' button proves the config works before any real send.
LLM
AWS Bedrock + Claude (Anthropic)
All LLM inference — ICP extraction, intent ranking, outreach drafting, compliance review — runs through Bedrock in us-east-1 against Anthropic's Claude family. No data crosses to a third-party LLM provider; the Bedrock contract keeps prompts + completions inside AWS.
Sources
Reddit, Hacker News, Bluesky, Lobsters, dev.to, YouTube, RSS
The intent miner pulls public signals from Reddit threads, Hacker News stories + comments (via the Algolia HN API, no key required), Bluesky posts (via the public AppView), Lobsters stories (public JSON, no key required), dev.to articles (via the official Forem API, no key required), YouTube videos, and RSS/news feeds (HN newest, Product Hunt). Per-workspace toggles let you turn each platform on/off independently. Rate-limited per workspace to stay inside each platform's fair-use rails.
Authentication
Email + password
Sign-up gated by Cloudflare Turnstile + Have-I-Been-Pwned breach check. Email verification with 24-hour TTL. Per-IP login rate limit (10 / 15 min). Password reset invalidates every active session on success.
SSO (SAML, OIDC)
Google Workspace, Okta, Azure AD, generic SAML/OIDC. Required for enterprise procurement; ships in a follow-up phase.
Webhooks
AWS SNS (bounces, complaints)
SES posts hard-bounce, soft-bounce, and complaint events to SNS, which calls back to /api/webhooks/ses/*. Each request is signature-verified against AWS's published certificate before any state change.
Cloudflare Turnstile
Privacy-friendly bot challenge on every unauthenticated state-changing form — signup, password-reset request, and the /support contact form. Verifies server-side before the request is accepted. The contact form falls back to a mailto: link if the site key isn't configured on a build.
Compliance
DKIM, DMARC, SPF, RFC 8058
Every outbound message is signed for DKIM and aligned for DMARC under our verified sender domain. Outreach emails ship with List-Unsubscribe + List-Unsubscribe-Post headers per RFC 8058 (via SES v2's Content.Simple.Headers) so Gmail, Outlook, and Yahoo render their native one-click Unsubscribe widget. The receiving POST endpoint at /unsubscribe/:token immediately adds the recipient to the workspace's suppression list.
Channels
LinkedIn DM outreach is on the roadmap behind a per-account session bridge. Email is the only outbound channel today.
X / Twitter DMs
X DM outreach is roadmap. The legacy paste-URL miner can ingest X content you paste manually (an LLM extracts targets from the URL) but the automated harvester doesn't scan X today — adding it needs the X API v2 paid tier we haven't subscribed to. Send-side DM hookup follows.
SMS
SMS outreach via Twilio or AWS End User Messaging is roadmap. Carrier compliance + per-region opt-in rules add weight; we'd rather ship the email loop polished first.
CRM
HubSpot, Salesforce, Pipedrive
Bidirectional CRM sync (push targets and outreach activity, pull contact merges) is on the roadmap. Today the workflow assumes GrowthMatic is the system of record for prospect activity.
Notifications
Slack notifications
A Slack incoming-webhook integration to ping a channel on new high-intent clusters or response activity is roadmap.