Infrastructure Security
Encryption in Transit
All API traffic is encrypted with TLS 1.2+ (HTTPS only)
Encryption at Rest
All stored data is encrypted with AES-256
Cloud Security
Hosted on AWS with VPC isolation, WAF protection, and DDoS mitigation
Access Controls
Strict IAM policies, multi-factor authentication for all staff
Application Security
API Key Security
Keys are hashed before storage. We never store plaintext keys.
Rate Limiting
Protection against abuse and brute-force attacks
Input Validation
All inputs are sanitized and validated
Security Headers
CSP, HSTS, X-Frame-Options, and more
Operational Security
- Regular security audits and penetration testing
- Continuous monitoring and alerting
- Incident response procedures
- Employee security training
- Vendor security assessments
Reporting Vulnerabilities
If you discover a security vulnerability, please report it to security@thalosforge.com. We take all reports seriously and will respond within 24 hours.
Please do not publicly disclose vulnerabilities until we've had a chance to address them.