Security you can trust.
We take security seriously. The platform is built on enterprise-grade infrastructure with multiple layers of protection for your data and API communications.
- SSL / TLSActive
- GDPRCompliant
- CCPACompliant
- Google CloudCertified
Platform security
Multiple layers of security protect your data and API communications.
Encryption in transit
All API communications are encrypted with TLS 1.2+ (HTTPS). We enforce secure connections and reject unencrypted requests.
- TLS 1.2 & 1.3
- HSTS enabled
- Strong ciphers only
Encryption at rest
Data stored on the platform is encrypted with AES-256. API keys are hashed and never stored in plain text.
- AES-256-GCM
- Automatic rotation
- Secure key management
API authentication
Secure API-key authentication with key rotation, scoped permissions, and usage monitoring built in.
- Unique keys per account
- Regenerate on demand
- Usage alerts
Rate limiting & DDoS
Built-in rate limiting protects against abuse, and Google Cloud provides DDoS mitigation at the edge.
- Per-key limits
- Burst allowances
- Automatic blocking
Audit logging
Comprehensive logging of API access and administrative actions for security monitoring and compliance.
- Request logging
- Access trails
- Anomaly detection
Access controls
Role-based access for team accounts, with least-privilege applied across our infrastructure.
- Team roles
- Scoped sub-keys
- SSO (Enterprise)
Infrastructure security
Built on Google Cloud's secure, globally distributed infrastructure.
Google Cloud
Our entire stack runs on Google Cloud, inheriting their world-class security and compliance certifications.
Isolated compute
APIs run in isolated containers with no shared resources between customers. Each request is sandboxed.
Network security
Virtual private cloud with strict firewall rules. Internal services are never exposed to the public internet.
Redundancy
Multi-region deployment with automatic failover. Calls route to the nearest healthy endpoint.
Compliance & certifications
Standards we meet today, and the infrastructure certifications we build on.
SSL / TLS
All API traffic encrypted with TLS 1.2+. Unencrypted requests are rejected.
GDPR
We meet GDPR requirements for data protection and privacy.
CCPA
We honor California Consumer Privacy Act data rights.
Google Cloud
Built on SOC 1/2/3, ISO 27001 certified infrastructure.
How is my data encrypted?
What data do you store?
How long is data retained?
Do you sell or share data?
Where is data processed?
How do I report a vulnerability?
Responsible disclosure
Found something? We appreciate responsible reporting.
Report a security vulnerability
If you've found a security issue, please report it through our contact page. We review every submission and respond quickly.
Report a vulnerability →