Keygen = Security

Our team has built state-of-the-art security into our product suite, so that you can rest easy knowing your data is safe with us.

graphic_eq

Encryption In-Transit

We use 256-bit encryption at all levels of our systems. We enforce TLS (HTTPS) to protect sensitive data transmitted to and from applications.

storage

Encryption At-Rest

All data is encrypted at-rest with industry-standard AES-256 block-level storage encryption. Keys are securely managed by Amazon EBS.

verified_user

Password + Secret Hashing

We never store passwords or secrets as clear text. Passwords and API access tokens are securely hashed using industry-standard bcrypt, and all secrets are securely encrypted in-transit and at-rest.

screen_lock_portrait

Two-Factor Authentication

We have strong 2FA policies for all Keygen employees, and we allow you to do the same by supporting 2FA for all Dashboard admin users.

fingerprint

Cryptographic Signatures

We provide cryptographic signatures of all API requests, and we provide the ability to sign and encrypt license keys, all to help combat common licensing attack vectors such as man-in-the-middle attacks.

vpn_lock

DDoS Mitigation

Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and scaleable internal bandwidth capacity.

vpn_key

Physical Security

Our infrastructure utilizes ISO 27001 and FISMA certified data centers managed by Heroku and Amazon.

local_fire_department

Environmental Safeguards

Our data and infrastucture providers employ power systems designed to be fully redundant in the event of an electrical failure, in addition to automatic fire detection and suppression systems, and climate control.

policy

ISO 27001, 27017, 27018

Our infrastructure and data providers, Heroku and AWS, have achieved ISO 27001, ISO 27017, and ISO 27018 certifications.

lock

SOC 1, 2, 3

Our infrastructure and data providers, Heroku and AWS, have achieved SOC 1, SOC 2, and SOC 3 certifications.

payment

PCI Compliance

Our payment processor, Stripe, used for encrypting and processing card and bank details, is PCI DSS Level 1 compliant.

check_circle

GDPR Compliance

We are a fully GDPR compliant Data Processor. Read more about what we do to ensure users' privacy in our privacy policy.

question_answer

Security Questions

Have other questions related to security? Ask away.