Security

At VisitorAPI, security and privacy are at the core of everything we do. We understand that trust is earned through transparency and strong security practices. This page outlines our commitment to protecting your data and ensuring the security of our services.

1. HTTPS Encryption

All communication between your applications and VisitorAPI is secured with industry-standard HTTPS encryption:

  1. 256-bit SSL/TLS Encryption: Every API request and response is encrypted with 256-bit SSL/TLS, so data in transit between your application and our servers cannot be intercepted or read by third parties.

  2. Certificate Authority Verification: Our SSL certificates are issued by trusted Certificate Authorities (CAs) and are regularly updated to maintain the highest security standards.

  3. Secure API Endpoints: All VisitorAPI endpoints are HTTPS-only. HTTP requests are automatically redirected to HTTPS to ensure no unencrypted data is ever transmitted.

2. No Visitor Data Storage

Privacy is paramount to us. VisitorAPI is designed with a privacy-first approach:

  1. Zero Data Retention: We do not store any visitor data from your API requests. Once a request is processed and the response is sent, no personal or identifying information is retained on our servers.

  2. No User Tracking: VisitorAPI does not track, profile, or create databases of end-user information. Each API request is processed independently without creating user histories or profiles.

  3. No Third-Party Data Sharing: Since we don’t store visitor data, there is no data to share with third parties. Your visitors’ information remains exclusively between your application and our API at the moment of the request.

  4. IP Address Processing: While IP addresses are used to provide geolocation data, they are processed in real-time and are not logged or stored after the request is completed.

3. Infrastructure Security

Our infrastructure is built with security best practices:

  1. Secure Data Centers: VisitorAPI services are hosted in secure, SOC 2 compliant data centers with 24/7 monitoring, redundant power supplies, and physical security controls.

  2. DDoS Protection: Our infrastructure includes advanced DDoS protection to ensure service availability and protect against malicious attacks.

  3. Regular Security Audits: We conduct regular security audits and vulnerability assessments to identify and address potential security issues proactively.

  4. Network Isolation: Our systems use network segmentation and isolation to minimize the impact of any potential security incidents.

4. API Security

We implement multiple layers of security for API access:

  1. Domain-Based Authentication: VisitorAPI uses header-based authentication to verify each request against the authorized domains configured in your project settings, which lets you call the API directly from your frontend. Only requests from your approved domains are accepted; all others are rejected.

  2. Request Validation: All API requests are validated and sanitized to prevent injection attacks and other security vulnerabilities.

  3. CORS Support: Proper Cross-Origin Resource Sharing (CORS) headers are implemented to work seamlessly with authorized domains while preventing unauthorized cross-site access.
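As an added illustration (not VisitorAPI's own code, whose implementation this page does not describe), the check below shows the kind of authorized-domain allowlist that items 1 and 3 describe, assuming the browser's Origin header is the header being verified and a constructed allowlist stands in for a project's settings: a substring match (a common mistake) next to an exact host match that also emits the CORS response header only for an authorized origin.

```python
from urllib.parse import urlsplit

# Constructed allowlist standing in for the "authorized domains" a project
# owner configures in their VisitorAPI project settings (hypothetical values).
AUTHORIZED_DOMAINS = {"app.example.com", "www.example.com"}


def origin_host(origin):
    """Return the host named by an Origin header value, or None if malformed.

    A valid Origin is scheme://host[:port] with no path, query or fragment.
    Browsers send "null" for opaque origins; treat it as unauthorized.
    """
    if not origin or origin == "null":
        return None
    parts = urlsplit(origin)
    if parts.scheme not in ("https", "http") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    return parts.hostname  # urlsplit already lowercases the host


def weak_check(origin, allowed):
    """Substring match: accepts any origin that merely CONTAINS an allowed domain."""
    return any(domain in (origin or "") for domain in allowed)


def check_request(headers, allowed=AUTHORIZED_DOMAINS):
    """Exact host match against the allowlist.

    Returns (status, response_headers). The Origin header is attached by
    browsers; a request with no Origin or a malformed one is not authorized,
    and the CORS header is echoed only for an authorized origin, with
    Vary: Origin so shared caches do not serve it to a different origin.
    """
    origin = headers.get("Origin")
    host = origin_host(origin)
    if host is None or host not in allowed:
        return 403, {}
    return 200, {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
```

The substring variant accepts an origin such as https://app.example.com.evil.net because the allowed domain appears inside it; the exact-host variant rejects it.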

5. Compliance and Standards

VisitorAPI is designed to help you maintain compliance with privacy regulations:

  1. GDPR Friendly: Our no-storage policy and minimal data processing make VisitorAPI compatible with GDPR requirements.

  2. CCPA Compliant: We process only the minimum necessary information to provide the service and retain no personal data.

  3. Privacy by Design: Security and privacy are built into every aspect of our service architecture, not added as an afterthought.

6. Operational Security

We maintain strict operational security practices:

  1. Access Controls: Access to our systems is strictly controlled with multi-factor authentication and follows the principle of least privilege.

  2. Employee Training: All team members receive regular security awareness training to maintain best practices.

  3. Incident Response: We maintain an incident response plan to quickly address and resolve any security concerns.

  4. Monitoring and Logging: Our systems are continuously monitored for suspicious activity, with logging practices that balance security needs with privacy commitments.

7. Your Account Security

You play an important role in maintaining security:

  1. Manage Authorized Domains: Configure and maintain your authorized domains list in your project settings. Only add domains you control and trust to access your VisitorAPI project.

  2. Review Domain Access Regularly: Periodically review your authorized domains list and remove any domains that no longer need access to your project.

  3. Monitor Usage: Regularly review your API usage through the dashboard to detect any unusual activity or unauthorized access patterns.

  4. Secure Your Dashboard: Protect your VisitorAPI account with a strong password and enable multi-factor authentication to prevent unauthorized changes to your project settings.

8. Reporting Security Issues

We take security concerns seriously and encourage responsible disclosure:

  1. Contact Us: If you discover a security vulnerability or have security concerns, please contact us immediately.

  2. Response Time: We aim to acknowledge security reports within 24 hours and will work with you to understand and address the issue.

  3. Coordinated Disclosure: We follow coordinated disclosure practices and will credit researchers who report issues responsibly (unless they prefer to remain anonymous).

9. Transparency

We believe in transparency about our security practices:

  1. Updates: We will notify customers of any security issues that may affect their use of VisitorAPI through email updates.

  2. Documentation: Our security practices are documented and regularly updated to reflect our current implementations.

Questions?

If you have questions about our security practices or would like more information, please don’t hesitate to contact us.

Last Updated: October 12, 2024