Security isn't a feature — it's a foundation. Every license validation, every API call, and every byte of customer data flows through multiple layers of protection. Here's how we keep your licensing infrastructure safe.
Transport Layer Security
All communication with our API uses TLS 1.3, the latest version of the protocol. We enforce HSTS with a 1-year max-age and preloading, meaning browsers will never attempt an unencrypted connection.
Encryption at Rest
License keys, customer data, and audit logs are encrypted using AES-256-GCM at rest. Encryption keys are rotated automatically and stored in hardware security modules (HSMs).
Edge-Deployed Validation
Our validation runs on a global edge network across 300+ data centers worldwide. This provides sub-10ms validation latency while keeping data close to your users.
GDPR Compliance
We take data privacy seriously:
- Data minimization — we only store what's necessary
- Right to erasure — customers can request full data deletion
- Data portability — export all license data as CSV/JSON
- Audit logging — comprehensive trails for compliance
Security Headers
Every API response includes industry-standard security headers:
Strict-Transport-Security— enforces HTTPSContent-Security-Policy— prevents XSSX-Content-Type-Options: nosniff— prevents MIME sniffingX-Frame-Options: DENY— prevents clickjacking
Security is an ongoing process. We conduct regular penetration testing, maintain a responsible disclosure program, and continuously monitor our infrastructure for threats.
Ship licensing in your next release
5 licenses, 500 validations/month, full API access. Set up in under 5 minutes — no credit card required.