Security

Our infrastructure is hosted on enterprise-grade cloud providers with multiple layers of security:

• Network Security: Virtual private clouds (VPCs) with strict firewall rules, DDoS protection, and intrusion detection/prevention systems (IDS/IPS).
• Enterprise-Grade Hosting: Infrastructure hosted on cloud providers with industry-leading security certifications and compliance standards.
• Monitoring: 24/7 infrastructure monitoring with automated alerting for anomalous activities and potential security incidents.
• Disaster Recovery: Regular automated backups with tested recovery procedures and business continuity planning.

• Bearer Token Authentication: All API requests require authentication via API keys passed in the Authorization header.
• Key Hashing: API keys are hashed using bcrypt with appropriate work factors and never stored in plaintext.
• Instant Revocation: API keys can be revoked immediately from your dashboard if compromised.
• Rate Limiting: Intelligent rate limiting protects against abuse and ensures fair usage across all customers.

GDPR Compliance: As a Norwegian company, we are fully compliant with the EU General Data Protection Regulation. We act as a data processor when handling customer content and maintain appropriate data processing agreements.

Data Residency: Primary data processing occurs within the European Economic Area (EEA). Enterprise customers can request specific data residency requirements.

• Secure Development: We follow OWASP best practices and conduct regular security code reviews.
• Dependency Scanning: Automated vulnerability scanning of all dependencies with immediate patching of critical issues.
• Input Validation: Strict input validation and sanitization to prevent injection attacks.
• Security Headers: Implementation of security headers including CSP, HSTS, X-Frame-Options, and X-Content-Type-Options.