Security

How SendAuth protects your data and infrastructure

We don’t just talk about security — we implement it.

SendAuth is engineered with layered security controls that meet the highest enterprise standards. Your authentication data is protected at every layer, from infrastructure to application.


Infrastructure Security

AWS Cloud Hosting

SendAuth runs entirely on Amazon Web Services, leveraging AWS’s world-class security infrastructure:

  • ISO 27001, SOC 2, and FedRAMP certified data centers
  • Physically isolated, redundant infrastructure
  • 24/7 monitoring and automated threat detection
  • Geographic redundancy for disaster recovery

Encryption at Rest

All data is encrypted at rest using AWS-managed encryption services:

  • Amazon S3 with AES-256 server-side encryption (SSE-S3)
  • Amazon RDS with AES-256 encryption for database storage
  • AWS Key Management Service (KMS) for key lifecycle management

Encryption in Transit

Every connection to SendAuth is secured:

  • All public connections require at least TLS 1.2 and prefer TLS 1.3
  • HTTPS enforced on all endpoints — no exceptions
  • Perfect forward secrecy (PFS) enabled
  • Automatic certificate management and renewal

Authentication & Access Control

Multi-Factor Authentication

MFA is mandatory for all users — always enforced, never optional:

  • Required for all account access
  • Required for all administrative operations
  • No fallback to single-factor authentication
  • Support for TOTP authenticators and hardware security keys

Sensitive Data Handling

User authentication credentials receive the highest level of protection:

  • Passwords and sensitive authentication data are hashed only — never encrypted or stored in reversible form
  • Industry-standard hashing algorithms with proper salting
  • Authentication secrets are never logged or exposed in application data

Application Security

Content Security Policy

Strict CSP headers protect against cross-site scripting and injection attacks:

  • Restrictive default policies blocking inline scripts
  • Explicit allowlisting of trusted sources only
  • Frame ancestors restricted to prevent clickjacking
  • Report-URI configured for CSP violation monitoring

Software Updates

Security patches are applied aggressively:

  • Critical vulnerabilities patched within 7 days of disclosure
  • Automated dependency scanning and alerts
  • Container images rebuilt with latest security updates
  • No end-of-life software in production

Security Testing & Compliance

Penetration Testing

We validate our security controls through independent testing:

  • Annual penetration testing by qualified third-party assessors
  • Remediation reviews to verify fixes
  • Scope includes infrastructure, application, and API layers
  • Findings tracked to resolution

Continuous Monitoring

Security is monitored continuously, not just tested annually:

  • Real-time alerting on suspicious activity
  • Centralized logging with tamper-evident storage
  • Automated vulnerability scanning
  • Incident response procedures tested and maintained

Your Data, Protected

SendAuth is built from the ground up with security as a core requirement — not an afterthought. Every architectural decision prioritizes the protection of your authentication data and your users’ privacy.

Questions about our security practices? Contact us.