Security

Your data security is our top priority. Learn about the comprehensive measures we take to protect your information.

Security Overview

SnapConsent employs industry-leading security practices and technologies to ensure the confidentiality, integrity, and availability of your data. We maintain a comprehensive security program that includes technical, administrative, and physical safeguards.

Our security measures are designed to meet and exceed compliance requirements for GDPR, CCPA, and other global privacy regulations.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.3 with strong cipher suites. We enforce HTTPS across all endpoints and utilize HSTS (HTTP Strict Transport Security).

Encryption at Rest

All stored data is encrypted using AES-256 encryption. Database backups and archives are also encrypted with separate encryption keys.

Key Management

Encryption keys are managed using industry-standard key management systems with regular key rotation and secure key storage in hardware security modules (HSMs).

Infrastructure Security

Cloud Infrastructure

Hosted on AWS with enterprise-grade security, utilizing VPCs, security groups, and network ACLs for defense in depth.

DDoS Protection

AWS Shield and Cloudflare provide automatic DDoS mitigation and protection against volumetric attacks.

Web Application Firewall

WAF rules protect against OWASP Top 10 vulnerabilities, SQL injection, XSS, and other common attack vectors.

Load Balancing & Redundancy

Multi-region deployment with automatic failover ensures high availability and reliability.

Access Control

  • Multi-Factor Authentication: Required for all administrative accounts
  • Role-Based Access Control: Principle of least privilege for all system access
  • Session Management: Secure session handling with automatic timeout
  • API Security: OAuth 2.0 and API key authentication with rate limiting

Monitoring & Logging

Our comprehensive monitoring system includes:

  • 24/7 security monitoring and alerting
  • Intrusion detection and prevention systems
  • Comprehensive audit logging of all access and changes
  • Real-time threat intelligence integration
  • Anomaly detection using machine learning
  • Security information and event management (SIEM)

Incident Response

Our incident response plan ensures rapid detection and mitigation of security incidents:

  1. Detection & Analysis: Immediate identification and assessment of potential incidents
  2. Containment & Eradication: Isolate affected systems and remove threats
  3. Recovery & Restoration: Restore systems to normal operation with enhanced security
  4. Post-Incident Review: Learn from incidents to improve security posture

Business Continuity

  • Automated daily backups with point-in-time recovery
  • Geographically distributed backup storage
  • Regular disaster recovery drills and testing
  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 1 hour
  • 99.9% uptime SLA

Compliance & Certifications

SnapConsent maintains compliance with:

  • GDPR: General Data Protection Regulation
  • CCPA: California Consumer Privacy Act
  • SOC 2 Type II: Security, Availability, Confidentiality
  • ISO 27001: Information Security Management

Security Testing

Regular security assessments ensure our defenses remain robust:

  • Annual third-party penetration testing
  • Quarterly vulnerability assessments
  • Continuous automated security scanning
  • Code reviews and static analysis
  • Dependency scanning for known vulnerabilities
  • Security training for all employees

Employee Security

All SnapConsent employees undergo:

  • Background checks before employment
  • Security awareness training
  • Annual security certification
  • Strict confidentiality agreements
  • Regular phishing simulation tests

Data Residency

Choose where your data is stored:

  • United States: AWS US-East-1 (Virginia), AWS US-West-2 (Oregon)
  • European Union: AWS EU-Central-1 (Frankfurt), AWS EU-West-1 (Ireland)

Reporting Security Issues

We appreciate the security research community's efforts in helping keep SnapConsent secure. If you discover a security vulnerability, please report it responsibly:

Security Contact

security@snapconsent.com

Please encrypt sensitive information using our PGP key (available upon request)

Questions?

For more information about our security practices or to request our detailed security documentation: