Security at MXScan

Your security and privacy are our top priorities. Learn about our security practices and commitments.

Data Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256.

Secure Authentication

Passwords are hashed using bcrypt. We support 2FA and secure session management.

PCI-DSS Compliance

Payment processing via Stripe ensures PCI-DSS Level 1 compliance. We never store card data.

Regular Audits

We conduct regular security audits, penetration testing, and vulnerability assessments.

Infrastructure Security

  • Cloud Infrastructure – Hosted on secure, SOC 2 compliant infrastructure
  • DDoS Protection – Advanced DDoS mitigation and rate limiting
  • Firewall Protection – Multi-layer firewall and intrusion detection
  • Backup & Recovery – Automated daily backups with disaster recovery plans
  • Monitoring – 24/7 security monitoring and incident response

Application Security

  • Input Validation – All user inputs are validated and sanitized
  • SQL Injection Protection – Parameterized queries and ORM usage
  • XSS Prevention – Output encoding and Content Security Policy
  • CSRF Protection – Token-based CSRF protection on all forms
  • Secure Headers – HSTS, X-Frame-Options, and other security headers

Access Control

  • Principle of Least Privilege – Users and systems have minimal necessary access
  • Role-Based Access – Granular permissions based on user roles
  • Audit Logging – All access and changes are logged for review
  • Employee Access – Limited employee access with mandatory 2FA

Data Privacy

  • GDPR Compliant – Full compliance with EU data protection regulations
  • Data Minimization – We only collect necessary data
  • Right to Deletion – Users can request data deletion at any time
  • Data Portability – Export your data in standard formats

Incident Response

In the event of a security incident:

  • We have a documented incident response plan
  • Affected users will be notified within 72 hours
  • We work with security researchers and law enforcement as needed
  • Post-incident reviews are conducted to prevent recurrence

Responsible Disclosure

We welcome security researchers to report vulnerabilities responsibly. If you discover a security issue:

  • Email us at security@mxscan.me
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • We do not currently offer a bug bounty program, but we appreciate responsible disclosure

Security Certifications

We are working towards the following certifications:

  • SOC 2 Type II (in progress)
  • ISO 27001 (planned)

Questions?

For security-related questions or to report a vulnerability, contact us at security@mxscan.me.