Security

Infrastructure security

• Multi-cloud architecture across AWS, DigitalOcean, Vercel, and CloudFlare.
• Enterprise-grade data centers with 24/7 monitoring.
• DDoS protection and network security measures.
• Regular security patches and updates.

• All data encrypted in transit (HTTPS/TLS 1.2+) and at rest.
• Secure data handling with automatic deletion policies.
• Isolated customer data processing.
• Malware detection and content security scanning.

Access & authentication

• API key authentication required for all requests.
• Rate limiting and abuse prevention.
• Request validation and comprehensive logging.

• Multi-factor authentication for all admin access.
• Role-based access controls with least privilege principles.
• Regular access reviews and security training.

Monitoring & response

• 24/7 automated security monitoring and alerting.
• Comprehensive audit logging for all system activities.
• Regular vulnerability scanning and security assessments.

• Defined security incident response procedures.
• GDPR-compliant breach notification (within 72 hours to authorities).
• Transparent communication with affected customers.

Compliance

• GDPR compliance with data protection by design.
• Regular security reviews and policy updates.
• Comprehensive vendor security management for all subprocessors.

• Automated daily backups with geographic distribution.
• Disaster recovery procedures and regular testing.
• Defined recovery objectives for critical systems.

Security contact

Responsible disclosure

1. Report it to
   [email protected]
   .
2. Allow reasonable time for investigation and resolution.
3. Do not publicly disclose until resolved.
4. Do not access or modify data that doesn't belong to you.