Security at deprec8

We take the security and privacy of your data seriously. Here's how we protect your information and maintain the trust you place in us.

Encryption

Data in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest and most secure version of the Transport Layer Security protocol.

Data at Rest

All sensitive data stored in our databases is encrypted at rest using AES-256. Database backups are encrypted to the same standard.

Infrastructure

Hosting

deprec8 is hosted on Amazon Web Services (AWS) in the eu-west-1 region. AWS maintains extensive compliance certifications including SOC 2, ISO 27001, and GDPR.

Protection

We use AWS CloudFront for DDoS protection and AWS WAF (Web Application Firewall) to protect against common web exploits and malicious traffic.

Monitoring

Our infrastructure is continuously monitored for security threats, performance issues, and anomalous behavior. We maintain 24/7 alerting for critical security events.

Access Control

Authentication

User passwords are hashed using industry-standard bcrypt with per-user salts. We support strong password requirements and never store passwords in plain text.

Role-Based Permissions

Professional accounts use role-based access control (RBAC) to ensure users only have access to the resources they need. Administrators can assign granular permissions to team members.

Single Sign-On

SSO via SAML 2.0 is on our roadmap, which will allow you to integrate deprec8 with your existing identity provider for centralised access management.

Data Privacy

GDPR Compliance

We are fully compliant with the EU General Data Protection Regulation (GDPR). Users have the right to access, correct, delete, or export their personal data at any time.

Data Retention

We retain user data only as long as necessary to provide our services. Account data is permanently deleted within 30 days of account closure, except where retention is required by law.

Right to Deletion

Users can request complete deletion of their account and associated data at any time through account settings or by contacting support@deprec8.io.

Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We only share data with service providers necessary to operate the platform, under strict confidentiality agreements.

Compliance & Auditing

Security Audits

We conduct regular security audits of our codebase and infrastructure. Third-party penetration testing is performed annually by independent security firms.

Vulnerability Management

We maintain an active vulnerability management program, monitoring for security vulnerabilities in our dependencies and addressing them promptly.

Compliance Certifications

We are actively pursuing SOC 2 Type II certification. Our infrastructure provider (AWS) maintains ISO 27001, PCI DSS, and other relevant certifications.

Incident Response

Security Incident Process

We maintain a formal incident response plan for security events. Our team is trained to quickly identify, contain, and remediate security incidents.

Notification

In the event of a security breach that affects user data, we will notify affected users within 72 hours and provide details about the incident, impact, and remediation steps.

Transparency

We believe in transparent communication about security. When incidents occur, we publish post-mortem reports detailing what happened, why, and what we're doing to prevent recurrence.

Responsible Disclosure

We welcome reports of security vulnerabilities from security researchers and the community. If you believe you've found a security issue in deprec8, please report it responsibly:

  • Email security@deprec8.io with details of the vulnerability
  • Allow us reasonable time to investigate and address the issue before public disclosure
  • Do not exploit the vulnerability or access user data beyond what's necessary to demonstrate the issue

We commit to acknowledging your report within 48 hours and providing a timeline for resolution. We recognize and appreciate responsible security researchers who help us keep deprec8 secure.

Questions About Security?

If you have questions about our security practices or need additional information for a security review, please contact us:

Security Team: security@deprec8.io

General Support: support@deprec8.io