Security

Data protection

• TLS 1.2+ enforced for all endpoints; HSTS enabled.
• API keys hashed at rest; secrets shown once on creation.
• Least-privilege access to production systems.

Authentication & keys

• Passwordless sign-in via magic link.
• Per-customer API keys with plan-specific rate limits.
• Rotate/deactivate keys from your account at any time.

Operational security

• Application monitoring and structured logs (with sensitive fields excluded).
• Nightly maintenance jobs for analytics views and log retention.
• Automated database backups with defined retention.

Responsible disclosure

If you believe you’ve found a security issue, please report it to security@boundaryiq.dev. We’ll acknowledge receipt and keep you updated.

Compliance

We process payments via Stripe. Card data never touches our servers. We follow reasonable industry practices to safeguard data, but no method of transmission or storage is 100% secure.