🔒

Security at ToolCenter

We take the security of your data seriously. Here's how we protect your information and ensure reliable service.

🔐

Encryption

  • All traffic encrypted with TLS 1.3 — HTTPS enforced on all endpoints
  • HSTS preload enabled with 1-year max-age
  • API keys hashed with bcrypt — we never store plaintext keys
  • Database connections encrypted in transit
🏗️

Infrastructure

  • Hosted on Hetzner Cloud in Germany (EU data residency)
  • Cloudflare CDN and DDoS protection on all endpoints
  • Automated daily backups with 30-day retention
  • 99.9% uptime with 24/7 automated monitoring
  • Redis-backed rate limiting to prevent abuse
📋

Data Handling

  • No persistent storage of processed content — screenshots, PDFs, and scraped data are streamed directly and not stored
  • API request logs retained for 30 days max (for debugging and abuse prevention)
  • No third-party analytics on API endpoints — only on the marketing website
  • We never sell or share your data with third parties
🛡️

API Security

  • Bearer token authentication on all API endpoints
  • IP whitelisting — restrict API key usage to specific IPs
  • Multiple API keys per account for environment isolation
  • Rate limiting per key with clear X-RateLimit headers
  • Security headers: X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy
🇪🇺

Compliance

  • GDPR compliant — EU data residency, data processing transparency
  • Stripe for payment processing (PCI DSS Level 1 certified)
  • Clear Privacy Policy and Terms of Service
  • Right to data deletion upon request

Questions about security?

We're happy to answer any security or compliance questions for your team.

[email protected]