Compliance & Certifications
SOC 2 Type II
Our infrastructure is audited annually by independent auditors to verify our security controls meet the highest standards.
GDPR Compliant
We fully comply with the European General Data Protection Regulation, ensuring your data rights are protected.
CCPA Compliant
California residents have full data rights under the California Consumer Privacy Act.
99.99% Uptime SLA
Enterprise customers receive financially backed uptime guarantees with service credits for any downtime.
Data Protection
Encryption at Rest
All data stored in our databases is encrypted using AES-256 encryption. Database backups are also encrypted and stored in geographically redundant locations.
Encryption in Transit
All communications between your browser and our servers use TLS 1.3 encryption. We enforce HTTPS across all endpoints and use HSTS headers.
No Response Body Storage
We never store the response bodies from your monitored endpoints. We only record status codes, response times, and headers necessary for monitoring.
Secure Credential Handling
Passwords are hashed using bcrypt with appropriate work factors. API keys and authentication headers for your monitors are encrypted before storage.
Infrastructure Security
Network Security
- DDoS protection at the network edge
- Web Application Firewall (WAF)
- Private network isolation
- Regular penetration testing
Access Control
- Role-based access control (RBAC)
- Multi-factor authentication required
- Audit logging for all access
- Principle of least privilege
Security Reporting
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly. We appreciate your help in keeping our users safe.
Email: security@apihealthcheck.com
Questions?
If you have questions about our security practices or would like to request our SOC 2 report, please contact us.