Sign InStart Free
Netwarden
Sign InStart Free

Security

What we do with your monitoring data, what we encrypt, who can see what, and what is logged. No corporate hand-waving.

Encryption

TLS 1.3 in transit. AES-256-GCM for OAuth tokens and other sensitive fields at rest. Disk-level encryption on the underlying storage.

Hosting

AWS EKS in us-east-2. Kubernetes network policies isolate the namespace. Private subnets for the database; no public ingress.

Authentication

Email plus password with argon2id hashing. Email-based MFA with trusted-device opt-in. Google and GitHub OAuth available.

Audit logging

Every authentication event and every config-changing API call lands in audit_events. Retained for 90 days on hosted, indefinitely on self-hosted.

Incidents

Status page at status.netwarden.com. We post within 15 minutes of confirming an issue. A small team, not a 24/7 SOC. We are honest about that.

Data handling

We do not sell, rent, or share your data. If you want a copy or a delete, email support and we will turn it around within a business day.

Data Protection

Encryption Standards

  • AES-256 encryption for data at rest
  • TLS 1.3 for all data in transit
  • AES-256-GCM encryption for OAuth tokens
  • Bcrypt password hashing with strong work factors

Data Handling

  • Data residency controls and regional storage
  • Automated data retention and deletion policies
  • Regular data backup and recovery testing
  • Data anonymization and pseudonymization

Infrastructure Security

Cloud Security

  • AWS EKS in us-east-2
  • Network isolation between application tiers
  • Cloudflare in front of public endpoints
  • Automated dependency and image updates

Application Security

  • Input validation with Zod schemas at every API boundary
  • CSRF protection and rate limiting
  • Security event audit log (login, MFA, injection attempts)
  • Bearer-token auth with rotating per-tenant keys

Access Control & Authentication

User Authentication

  • Multi-factor authentication (MFA) required
  • SSO integration with SAML and OAuth 2.0
  • Session management with automatic timeouts
  • Password strength enforcement and hashing

Authorization

  • Role-based access control (RBAC)
  • Principle of least privilege enforcement
  • Regular access reviews and deprovisioning
  • API key management and rotation

Security Contact & Reporting

Security Issues

Report security vulnerabilities or concerns

Email: [email protected]

PGP Key: Available upon request

Response Time: Within 24 hours

Privacy & Data Questions

Questions about how we handle and protect your data

Email: [email protected]

Privacy Policy: /privacy

Self-Hosted: Run on your own infrastructure