Security

Infrastructure Security

• Encrypted traffic in transit using TLS.
• Network-level controls and restricted service-to-service access.
• Environment isolation between development, staging, and production.
• Continuous monitoring of system health and suspicious activity.

Application Security

• Secure coding practices and dependency updates.
• Input validation and request filtering to reduce abuse risk.
• Rate limiting and anomaly detection for API protection.
• Logging and traceability for critical API events.

Authentication and API Keys

• API key-based authentication for all protected endpoints.
• Key revocation/rotation support when compromise is suspected.
• Usage tracking by key to detect abuse and unauthorized usage patterns.

Data Protection

• Data minimization for operational and support requirements.
• Controlled access to production systems based on business need.
• Retention policies aligned with legal, security, and operational obligations.

Operational Security

• Regular backups and recovery procedures for critical data.
• Incident response process for triage, containment, and remediation.
• Post-incident reviews to improve controls and response readiness.

Customer Best Practices

• Store API keys in secure secret managers, not client-side code.
• Rotate keys periodically and after team or system changes.
• Use IP restrictions and monitoring alerts where possible.
• Report suspicious behavior immediately.

Responsible Disclosure

If you discover a potential vulnerability, please report it through our contact page with detailed reproduction steps. We investigate all reports and prioritize confirmed security issues.