CustomKeys is built with a security-first architecture. We treat your data with the highest level of protection.
All sensitive data is encrypted using AES-256-GCM. Encryption keys are managed using a secure key rotation policy.
All data sent between your client and our servers is encrypted using TLS 1.3. We use HSTS to ensure browsers only connect via HTTPS.
Our backend logic for secret derivation runs in an isolated environment. We use industry-standard practices to prevent side-channel attacks and unauthorized access.
We support and encourage the use of MFA for all users. We integrate with Supabase Auth to provide robust TOTP and WebAuthn options.
Every action taken within your organization is logged. These logs are immutable and can be used for compliance and security auditing.
If you think you've found a security vulnerability in CustomKeys, please report it to us immediately at security-customkeys@meuhan.resend.app.