Keygen = Security

Our team has built state-of-the-art security into our product suite, so that you can rest easy knowing your data is safe with us.


Encryption In-Transit

We use 256-bit encryption at all levels of our systems. We enforce TLS (HTTPS) to protect sensitive data transmitted to and from applications.


Encryption At-Rest

All data is encrypted at-rest with industry-standard AES-256 block-level storage encryption. Keys are securely managed by Amazon EBS.


Password + Secret Hashing

We never store passwords or secrets as clear text. Passwords and API access tokens are securely hashed using industry-standard bcrypt, and all secrets are securely encrypted in-transit and at-rest.


Two-Factor Authentication

We have strong 2FA policies for all Keygen employees, and we allow you to do the same by supporting 2FA for all Dashboard admin users.


Cryptographic Signatures

We provide cryptographic signatures of all API requests, and we provide the ability to sign and encrypt license keys, all to help combat common licensing attack vectors such as man-in-the-middle attacks.


DDoS Mitigation

Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and scaleable internal bandwidth capacity.


Physical Security

Our infrastructure utilizes ISO 27001 and FISMA certified data centers managed by Heroku and Amazon.


Environmental Safeguards

Our data and infrastucture providers employ power systems designed to be fully redundant in the event of an electrical failure, in addition to automatic fire detection and suppression systems, and climate control.


ISO 27001, 27017, 27018

Our infrastructure and data providers, Heroku and AWS, have achieved ISO 27001, ISO 27017, and ISO 27018 certifications.


SOC 1, 2, 3

Our infrastructure and data providers, Heroku and AWS, have achieved SOC 1, SOC 2, and SOC 3 certifications.


PCI Compliance

Our payment processor, Stripe, used for encrypting and processing card and bank details, is PCI DSS Level 1 compliant.


GDPR Compliance

We are a fully GDPR compliant Data Processor. Read more about what we do to ensure users' privacy in our privacy policy.


Security Questions

Have other questions related to security? Ask away.