Security & Trust

Protecting your data is fundamental to Oblysk. Here's how we keep your information safe.

Data Protection

  • TLS 1.2+ in transit, AES-256 at rest
  • Auth via Clerk with bcrypt hashing
  • Payments via Stripe — we never see card details
  • HMAC-SHA256 inter-service authentication

Infrastructure

  • Hetzner + Cloudflare DDoS protection
  • Non-root Docker containers with limits
  • Automated dependency scanning (Dependabot)
  • HSTS, CSP, X-Frame-Options headers

Access Control

  • Role-based access for admin functions
  • API keys with bcrypt hashing
  • Triple-layered rate limiting

AI Data Handling

We send your brand name and URL to AI providers. We do not send personal information (email, name, payment details).


Monitoring & Response

  • Audit logging (12-month retention)
  • Sentry error tracking across all services
  • SEV-1/2/3 incident response plan
  • 72-hour breach notification (GDPR)

Data Residency

US-based infrastructure (AWS via Neon, Upstash, Clerk). Contact us if EU residency is required.

Compliance

  • GDPR: Data export, deletion, cookie consent
  • CCPA: Do Not Sell, GPC signal detection
  • CAN-SPAM: Unsubscribe links on all emails
  • PCI DSS: Payments via Stripe — we never see cards

Responsible Disclosure

Found a vulnerability? Report it to security@oblysk.ai.

  • 48-hour acknowledgment
  • 5-day fix timeline
  • No legal action against responsible researchers
  • 90-day remediation window before public disclosure