SecurityEnterprise ReadyGoogle Cloud

Security You Can Trust

We take security seriously. Our platform is built on enterprise-grade infrastructure with multiple layers of protection to keep your data and API communications secure.

View SLAContact Us

Platform Security

Multiple layers of security protect your data and API communications

Encryption in Transit

All API communications are encrypted using TLS 1.2+ (HTTPS). We enforce secure connections and reject unencrypted requests.

  • TLS 1.2 and 1.3 supported
  • HSTS enabled
  • Strong cipher suites only

Encryption at Rest

Data stored on our platform is encrypted using AES-256 encryption. API keys are hashed and never stored in plain text.

  • AES-256-GCM encryption
  • Automatic key rotation
  • Secure key management

API Authentication

Secure API key authentication with support for key rotation, scoped permissions, and usage monitoring.

  • Unique API keys per account
  • Key regeneration on demand
  • Usage analytics and alerts

Rate Limiting & DDoS Protection

Built-in rate limiting protects against abuse. Google Cloud's infrastructure provides DDoS mitigation at the edge.

  • Per-key rate limits
  • Burst allowances
  • Automatic threat blocking

Audit Logging

Comprehensive logging of API access and administrative actions for security monitoring and compliance.

  • Request logging
  • Access audit trails
  • Anomaly detection

Access Controls

Role-based access controls for team accounts. Principle of least privilege applied across our infrastructure.

  • Team member roles
  • Scoped API keys
  • SSO support (Enterprise)

Infrastructure Security

Built on Google Cloud's secure, globally distributed infrastructure

Google Cloud Platform

Our entire infrastructure runs on Google Cloud, benefiting from their world-class security and compliance certifications.

Isolated Compute

APIs run in isolated containers with no shared resources between customers. Each request is processed in a secure sandbox.

Network Security

Virtual private cloud with strict firewall rules. Internal services are not exposed to the public internet.

Redundancy

Multi-region deployment with automatic failover. Your API calls are routed to the nearest healthy endpoint.

Compliance & Certifications

Working toward industry-standard compliance certifications

SOC 2 Type II

In Progress

We are actively working toward SOC 2 Type II certification.

GDPR

Compliant

We comply with GDPR requirements for data protection and privacy.

CCPA

Compliant

We honor California Consumer Privacy Act data rights.

Google Cloud

Certified

Built on Google Cloud's SOC 1/2/3, ISO 27001 certified infrastructure.

Data Handling

Transparency about how we handle your data

What data do you store?

We store your account information, API keys (hashed), and usage metrics. We do not store the content of your API requests or responses beyond what's needed for real-time processing.

How long is data retained?

Usage logs are retained for 90 days for analytics and debugging purposes. You can request deletion of your account data at any time by contacting us.

Do you sell or share data?

No. We never sell your data or share it with third parties for marketing purposes. Data is only used to provide and improve our services.

Where is data processed?

All data is processed on Google Cloud infrastructure. Primary processing occurs in US regions, with edge caching globally for performance.

For more details, see our Privacy Policy and Terms of Service.

Security Vulnerability Reporting

Found a security vulnerability? We appreciate responsible disclosure. Please report security issues through our contact page.

Report a Vulnerability

Questions About Security?

Our team is happy to discuss our security practices and answer any questions about protecting your data.

Contact UsView Documentation