Security

Your data protection is foundational to our platform. Here's how we keep your information safe.

Data Protection

Security practices

Encryption in Transit

All connections use TLS 1.2 or higher. HSTS headers enforce secure connections. API endpoints reject plaintext HTTP.

Encryption at Rest

All data is encrypted at rest using AES-256. Database backups are encrypted. Sensitive fields use additional application-level encryption.

Authentication

Passwords are hashed with bcrypt using per-user salts. JWT tokens with short expiry (15 min) and httpOnly cookies. Refresh token rotation prevents replay attacks.

Access Controls

Multi-tenant architecture with strict tenant isolation. Role-based access control. All API endpoints enforce authentication and authorization.

Monitoring & Logging

Structured logging for all API requests. Audit trail for security-relevant actions. Automated alerting for anomalous patterns.

Dependency Management

Automated dependency scanning for known vulnerabilities. Regular updates to address CVEs. Minimal dependency footprint to reduce attack surface.

Infrastructure

Platform security

Cloud Infrastructure

Hosted on industry-leading cloud providers with SOC 2 certified data centers. Geographic redundancy for availability.

Network Security

Private VPC networking. Firewall rules restrict access to necessary ports only. DDoS protection at the edge layer.

Backups

Automated daily backups with point-in-time recovery. Backups encrypted and stored in separate regions. 90-day retention.

Secrets Management

All credentials, API keys, and secrets stored in secure vaults. Never committed to source code. Rotated regularly.

Reporting

Vulnerability reporting

We take security vulnerabilities seriously. If you discover a security issue in Access Audit, please report it responsibly.

Email: security@accessaudit.dev

Response time: We acknowledge reports within 24 hours and provide updates within 72 hours.

Scope: All Access Audit web applications, APIs, and infrastructure.

Please do not disclose security vulnerabilities publicly before we have had a chance to address them.