Security you can trust.

We take security seriously. The platform is built on enterprise-grade infrastructure with multiple layers of protection for your data and API communications.

Encrypted end to end
TLS 1.2+Every request in transit, AES-256 at rest
  • SSL / TLSActive
  • GDPRCompliant
  • CCPACompliant
  • Google CloudCertified
Platform

Platform security

Multiple layers of security protect your data and API communications.

Encryption in transit

All API communications are encrypted with TLS 1.2+ (HTTPS). We enforce secure connections and reject unencrypted requests.

  • TLS 1.2 & 1.3
  • HSTS enabled
  • Strong ciphers only

Encryption at rest

Data stored on the platform is encrypted with AES-256. API keys are hashed and never stored in plain text.

  • AES-256-GCM
  • Automatic rotation
  • Secure key management

API authentication

Secure API-key authentication with key rotation, scoped permissions, and usage monitoring built in.

  • Unique keys per account
  • Regenerate on demand
  • Usage alerts

Rate limiting & DDoS

Built-in rate limiting protects against abuse, and Google Cloud provides DDoS mitigation at the edge.

  • Per-key limits
  • Burst allowances
  • Automatic blocking

Audit logging

Comprehensive logging of API access and administrative actions for security monitoring and compliance.

  • Request logging
  • Access trails
  • Anomaly detection

Access controls

Role-based access for team accounts, with least-privilege applied across our infrastructure.

  • Team roles
  • Scoped sub-keys
  • SSO (Enterprise)
Infrastructure

Infrastructure security

Built on Google Cloud's secure, globally distributed infrastructure.

Google Cloud

Our entire stack runs on Google Cloud, inheriting their world-class security and compliance certifications.

Isolated compute

APIs run in isolated containers with no shared resources between customers. Each request is sandboxed.

Network security

Virtual private cloud with strict firewall rules. Internal services are never exposed to the public internet.

Redundancy

Multi-region deployment with automatic failover. Calls route to the nearest healthy endpoint.

Compliance

Compliance & certifications

Standards we meet today, and the infrastructure certifications we build on.

SSL / TLS

Active

All API traffic encrypted with TLS 1.2+. Unencrypted requests are rejected.

GDPR

Compliant

We meet GDPR requirements for data protection and privacy.

CCPA

Compliant

We honor California Consumer Privacy Act data rights.

Google Cloud

Certified

Built on SOC 1/2/3, ISO 27001 certified infrastructure.

Security questions.

How we protect your data, and what we do with it.

Read the privacy policy
How is my data encrypted?
Everything is encrypted in transit with TLS 1.2+ (unencrypted requests are rejected) and at rest with AES-256. API keys are hashed and never stored in plain text.
What data do you store?
Your account information, hashed API keys, and usage metrics. We don't store the content of your API requests or responses beyond what's needed for real-time processing.
How long is data retained?
Usage logs are kept for 90 days for analytics and debugging. You can request deletion of your account data at any time by contacting us.
Do you sell or share data?
No. We never sell your data or share it with third parties for marketing. Data is used only to provide and improve the service.
Where is data processed?
On Google Cloud infrastructure. Primary processing happens in US regions, with edge caching globally for performance.
How do I report a vulnerability?
Through our contact page. We appreciate responsible disclosure, review every submission, and respond quickly.
Disclosure

Responsible disclosure

Found something? We appreciate responsible reporting.

Report a security vulnerability

If you've found a security issue, please report it through our contact page. We review every submission and respond quickly.

Report a vulnerability

Questions about security? Our team is happy to walk through our practices and answer anything about protecting your data.

Need our paperwork?

SOC 2, GDPR, and a DPA are available on request.

View the DPA