Security at Sendo
Last updated: January 10, 2026
Security is at the core of everything we do. We implement industry-leading practices to protect your data and ensure the integrity of our service.
🔒 TLS/SSL Encryption
🛡️ SOC 2 Type II
🇪🇺 GDPR Compliant
⚡ DDoS Protection
🔐 Bcrypt Hashing
1. Data Encryption
1.1 In Transit
- TLS 1.3: All connections use the latest TLS protocol
- HTTPS Everywhere: No unencrypted HTTP traffic
- Perfect Forward Secrecy: Compromise of a long-term key does not expose past session keys
- HSTS: HTTP Strict Transport Security enforced
1.2 At Rest
- AES-256 Encryption: Database encryption at rest
- Encrypted Backups: All backups are encrypted
- Bcrypt: Passwords hashed with bcrypt (cost factor 12)
- Key Management: Secure key rotation and storage
2. Infrastructure Security
- Cloud Hosting: Deployed on secure, certified infrastructure
- DDoS Protection: Cloudflare protection against attacks
- Firewall: Web Application Firewall (WAF) enabled
- Network Isolation: Databases in private networks
- Regular Patching: Automated security updates
3. Application Security
- Input Validation: All user input sanitized and validated
- SQL Injection Protection: Parameterized queries only
- XSS Prevention: Content Security Policy headers
- CSRF Protection: Token-based CSRF prevention
- Rate Limiting: API and login rate limits
4. Access Control
- Role-Based Access: Granular permissions by role
- 2FA Support: Two-factor authentication available
- SSO: Single Sign-On for Enterprise (Google/Microsoft)
- Session Management: Secure session handling with expiration
- IP Whitelisting: Restrict access by IP (Enterprise)
5. Compliance & Certifications
- GDPR: Full compliance with EU data protection laws
- CCPA: California Consumer Privacy Act compliant
- SOC 2 Type II: Annual audits (Enterprise customers)
- ISO 27001: Information security management (in progress)
6. Monitoring & Response
- 24/7 Monitoring: Automated threat detection
- Intrusion Detection: Real-time security alerts
- Incident Response: Dedicated security team
- Audit Logs: Complete activity logging (Pro+)
- Vulnerability Scanning: Regular automated scans
7. Business Continuity
- Daily Backups: Automated encrypted backups
- Disaster Recovery: Multi-region redundancy
- Uptime SLA: Up to 99.99% for Enterprise
- Failover: Automatic failover systems
8. Responsible Disclosure
If you discover a security vulnerability:
- Email: security@sndo.app
- Do not publicly disclose until we've addressed it
- We'll respond within 48 hours
- Bug bounty program available for qualifying issues
9. Security Best Practices for Users
- Use strong, unique passwords
- Enable two-factor authentication
- Review audit logs regularly (Pro+)
- Limit API key permissions
- Rotate API keys periodically