Security Policy

Your security is very important to us. This page outlines the security measures we have implemented in AntiTemp, which provides email verification and risk detection services. If you have any security-related questions, please feel free to contact us at support@antitemp.com.

We are committed to maintaining robust security protections. However, please note that our product is continuously improving. If you are working in a highly sensitive environment, please evaluate potential risks when using AntiTemp, just as you would with any other API service.

1. Infrastructure Security

AntiTemp is hosted on secure infrastructure, ensuring the integrity and privacy of your data. We focus on providing email verification and risk detection services with enterprise-grade security.

Key Points:

• Server Location: All of our servers are hosted in secure cloud environments with industry-standard security certifications (SOC 2, ISO 27001 compliance)

• Encryption: All data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256 encryption.

• Network Security: Our infrastructure employs firewalls, DDoS protection, and regular security audits

• Data Processing: Email addresses submitted for verification are processed in real-time and not permanently stored beyond temporary caching (less than 24 hours)

• Access Control: Role-based access control (RBAC) with multi-factor authentication (MFA) for all team members

2. API Security

We implement multiple layers of security for API access:

• API Key Authentication: All API requests must include a valid API key
• Rate Limiting: Prevents abuse and ensures fair usage across all users
• IP Whitelisting: Optional IP restrictions for enhanced security (available on Enterprise plans)
• Request Signing: Support for HMAC-based request signing for additional security
• HTTPS Only: All API endpoints require HTTPS connections

3. Data Protection

• No Permanent Storage: Email addresses submitted for verification are not stored permanently
• Minimal Data Collection: We collect only the data necessary to provide services
• Data Isolation: Each user's data is isolated and cannot be accessed by other users
• Regular Backups: Account and billing data is backed up regularly with encryption
• Secure Deletion: When you delete your account, all data is permanently removed within 30 days

4. Application Security

• Regular Security Audits: Our codebase undergoes regular security reviews
• Dependency Scanning: Automated scanning for vulnerabilities in third-party dependencies
• SQL Injection Protection: Parameterized queries and ORM usage prevent injection attacks
• XSS Prevention: Input sanitization and Content Security Policy (CSP) headers
• CSRF Protection: All state-changing operations require CSRF tokens

5. Vulnerability Reporting

If you believe you have discovered a security vulnerability in AntiTemp, please report it responsibly:

Email: security@antitemp.com

What to Include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Your contact information

Our Commitment:

• We will acknowledge your report within 2 business days
• We will investigate and respond with findings within 5 business days
• We will work to resolve critical vulnerabilities within 30 days
• We appreciate responsible disclosure and may offer bug bounties for significant findings

Please do not:

• Publicly disclose the vulnerability before we've had a chance to address it
• Attempt to access data that doesn't belong to you
• Disrupt our services during testing

6. Incident Response

In the event of a security incident:

1. We will immediately investigate and contain the issue
2. We will notify affected users within 72 hours
3. We will provide regular updates on the situation
4. We will conduct a post-mortem and implement preventive measures

7. Compliance

AntiTemp is designed to help you comply with:

• GDPR: Data minimization, right to deletion, data portability
• CCPA: Consumer privacy rights and data transparency
• CAN-SPAM: Email validation for compliance
• TCPA: Verification of email addresses for marketing consent

8. Account Security

To keep your account secure:

• Use a strong, unique password
• Enable two-factor authentication (2FA) when available
• Rotate API keys regularly
• Monitor your usage logs for unusual activity
• Report suspicious activity immediately

9. Account Deletion

You can delete your account at any time through the dashboard settings by clicking the "Delete Account" button. This action will:

• Permanently delete all account data
• Remove all usage history
• Cancel any active subscriptions
• Delete all API keys

We guarantee the complete deletion of your data within 30 days of your deletion request.

10. Security Best Practices for Users

When using AntiTemp:

• Store API keys securely (use environment variables, never commit to source control)
• Implement rate limiting on your end to prevent abuse
• Use HTTPS for all API requests
• Monitor your credit usage for unusual patterns
• Implement proper error handling to avoid information leakage
• Follow the principle of least privilege when granting API access

11. Updates and Maintenance

We regularly update our security measures and will notify you of:

• Planned maintenance windows (at least 24 hours in advance)
• Security updates that may affect your integration
• New security features and best practices

12. Third-Party Security

We carefully vet all third-party services:

• Stripe: PCI DSS compliant payment processing
• Supabase: Enterprise-grade authentication and database security
• Vercel: Secure hosting with automatic HTTPS and DDoS protection

13. Contact Us

For security-related questions or to report a vulnerability:

📧 Security Team: security@antitemp.com 📧 General Support: support@antitemp.com 🌐 Website: https://antitemp.com

We take security seriously and appreciate your help in keeping AntiTemp safe for everyone.

Last updated: November 2025