Security Overview

Our security practices and infrastructure

Last updated: December 2025

Introduction

Security is fundamental to BotSigged. As a service that helps protect websites from automated threats, we hold ourselves to high security standards. This document provides an overview of our security practices.

Infrastructure Security

Hosting

  • Hosted on enterprise-grade cloud infrastructure
  • Geographically distributed for redundancy
  • Automatic scaling to handle traffic spikes
  • Regular infrastructure updates and patching

Network Security

  • All traffic encrypted with TLS 1.2+
  • Web Application Firewall (WAF) protection
  • DDoS mitigation
  • Network segmentation between services

Access Control

  • Role-based access control (RBAC)
  • Multi-factor authentication required for all team access
  • Principle of least privilege
  • Regular access reviews

Application Security

Secure Development

  • Security-focused code reviews
  • Static analysis and dependency scanning
  • No secrets in code repositories
  • Regular dependency updates

Data Protection

  • Encryption at rest using AES-256
  • Encryption in transit using TLS
  • Secure key management
  • Data minimization practices

Authentication

  • Passwords hashed using bcrypt
  • Session tokens with secure expiration
  • CSRF protection on all forms
  • Rate limiting on authentication endpoints

Operational Security

Monitoring

  • 24/7 infrastructure monitoring
  • Anomaly detection for unusual patterns
  • Centralized logging
  • Alert escalation procedures

Incident Response

  • Documented incident response plan
  • Designated security response team
  • Post-incident review process
  • Customer notification procedures

Business Continuity

  • Regular automated backups
  • Tested disaster recovery procedures
  • Geographic redundancy
  • Documented recovery time objectives

SDK Security

Client-Side Security

  • No sensitive data stored client-side
  • Session identifiers are randomly generated
  • SDK does not access or transmit form field values
  • Cross-origin protections

Data Minimization

The SDK collects only what’s necessary for bot detection:

  • Behavioral patterns (not content)
  • Technical fingerprints (not personal identifiers)
  • Timing data (not keystrokes or input values)

Compliance

Privacy Regulations

  • GDPR-compliant data processing
  • Data Processing Agreement available
  • Support for data subject requests
  • Privacy by design principles

Security Standards

  • Regular security assessments
  • Penetration testing
  • Vulnerability disclosure program

Vulnerability Disclosure

If you discover a security vulnerability, please report it responsibly:

  • Email: [email protected]
  • Do not publicly disclose until we’ve addressed the issue
  • We commit to acknowledging reports within 48 hours

Questions

For security-related inquiries: [email protected]