Security & Compliance

Enterprise-grade security architecture protects every API request. We handle encryption, access control, and regulatory compliance so your ad-verification workflow stays fast, trusted, and audit-ready.

Infrastructure Security

Data Encryption

  • TLS 1.3 for all endpoints
  • AES-256 at-rest encryption
  • Encrypted database connections
  • Per-request payload signing

Network Isolation

  • VPC-isolated infrastructure
  • Zero-trust access model
  • IP whitelisting per account
  • DDoS protection via CDN

Access Control

  • Mandatory API key rotation
  • Role-based access (RBAC)
  • Full audit logging
  • Session timeout enforcement

Compliance Certifications

SOC 2 Type II

Annual third-party security audit covering access controls, data integrity, monitoring, and incident response. Our most recent certification covers 2024-2025. Available for enterprise contracts under NDA.

GDPR & CCPA Compliant

Multi-region data residency options (US, EU, APAC). Automatic data purge policies enforced. Data Processing Agreements pre-negotiated and available on request. Privacy-by-design architecture across all systems.

HIPAA Eligible

Healthcare and life sciences use cases supported. Business Associate Agreements (BAA) available. HIPAA-compliant encryption and audit trails. Healthcare data isolation at the database level.

Residential Proxy Security Model

Our IP fleet enforces strict security controls at every layer:

Control Implementation
Geo-Verified IPs Every residential IP is location-verified and rotated through real carrier networks. No datacenter proxies, no previously-flagged IPs.
Session Consistency Sticky IP sessions (5-60 min) maintain connection integrity for multi-step verification workflows. IP rotates only at session boundary.
Blacklist Monitoring Continuous scanning against known ad-fraud and spam blacklists. Flagged IPs quarantined within 24 hours. Customers notified immediately.
Tenant IP Isolation Each customer's IP pool is completely isolated. No IP sharing across tenants. IP affinity is permanent per contract term.
User-Agent Consistency User-Agent strings matched to actual device and OS combinations. Prevents fingerprinting and reduces fraud detection false positives.

Data Handling & Privacy

Incident Response

Detection

24/7 automated monitoring. Critical incidents escalated to security team within 30 minutes. All confirmed incidents logged and reported within 4 business hours.

Remediation

Fix deployed per SLA (4 hours for critical). Automated rollback if necessary. Affected customers notified with remediation steps and timeline.

Transparency

Post-incident report published (PII-redacted) within 5 business days. Root cause analysis and prevention measures shared with affected accounts.

Enterprise Features

For regulated industries and large teams:

Pre-Launch Security Checklist

Before deploying to production, complete these steps:

Step Action
1. API Key Rotation Generate new key from dashboard. Revoke old key. Store new key in secrets manager (Doppler, Vault, AWS Secrets Manager).
2. IP Whitelisting Add your application's IP range or VPC CIDR block to whitelist. Test all API calls from whitelisted IPs only.
3. Webhook Verification Implement HMAC-SHA256 signature verification in webhook handler. Reject any unsigned requests.
4. Retention Review Confirm log retention schedule aligns with your compliance requirements (SOX, HIPAA, GDPR).
5. Monitoring Setup Route API errors and rate-limit warnings to observability platform (DataDog, New Relic, Elastic).

Security Support

Our security team is available for compliance reviews, architecture consultations, and penetration-test coordination.

Contact Security Team