Enterprise-Grade Security

Your API keys and data are protected with multiple layers of security. We take security seriously so you can focus on building.

Security Features

AES-256 Encryption

All API keys are encrypted at rest using military-grade AES-256 encryption. Keys are never stored in plain text.

Zero-Knowledge Architecture

We can't see your decrypted API keys. Only your authorized requests can access the decrypted values.

TLS 1.3 in Transit

All data transmitted between your applications and our servers uses the latest TLS 1.3 encryption.

Encrypted Backups

Automated backups are encrypted and stored in geographically distributed locations for disaster recovery.

CORS & Origin Control

Configure allowed origins to ensure only your authorized domains can access your conduit links.

Role-Based Access

Team members have granular permissions. Owners manage billing while members handle day-to-day operations.

Security Practices

Rate Limiting

Prevent abuse with configurable rate limits at global and per-user levels.

  • Global rate limits per API key
  • Per-user limits with JWT verification
  • Automatic blocking of suspicious activity
  • Custom rate limit rules

Monitoring & Alerts

Real-time monitoring of API usage with instant alerts for anomalies.

  • Usage pattern analysis
  • Anomaly detection
  • Real-time alerts
  • Detailed audit logs

Incident Response

24/7 monitoring with rapid incident response for Pro and Enterprise customers.

  • 24/7 security monitoring
  • Automated threat detection
  • Rapid incident response
  • Post-incident analysis

Infrastructure Security

Network Security

  • DDoS protection with automatic mitigation
  • Web Application Firewall (WAF) protection
  • Regular penetration testing
  • Isolated network segments

Operational Security

  • Least privilege access controls
  • Multi-factor authentication for staff
  • Regular security training
  • Automated security scanning

Compliance & Certifications

SOC 2 Type II

In Progress

Q3 2025

ISO 27001

Planned

Q4 2025

GDPR Compliant

Active

CCPA Compliant

Active

Security Best Practices

Recommendations for Your Implementation

API Key Management

  • • Rotate API keys regularly
  • • Use separate keys for dev/staging/production
  • • Never commit keys to version control
  • • Monitor key usage for anomalies

Access Control

  • • Implement JWT verification
  • • Use CORS to restrict origins
  • • Apply path-based restrictions
  • • Enable rate limiting

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly.

Report vulnerabilities to:

[email protected]

We aim to respond within 24 hours and will work with you to understand and address the issue promptly.

Questions About Security?

Our security team is here to help. Whether you need details for compliance or have specific security requirements, we're ready to assist.

Connect Securely. Ship Faster.

© 2025 Conduit Link. All rights reserved.