Security

Your data. Our obsession.

Security is at the core of everything we build. From encryption to access controls, we protect your data at every layer.

Compliance Standards

We're building toward the highest industry standards for security and privacy.

SOC 2

Working toward SOC 2 Type II certification. Our controls are designed to meet the Trust Services Criteria for security, availability, and confidentiality.

In Progress

GDPR

Fully compliant with the General Data Protection Regulation. We respect data subject rights and provide tools for data portability and deletion.

Compliant

CCPA

Compliant with the California Consumer Privacy Act. California residents have full access to their data rights including access, deletion, and opt-out.

Compliant

Data Encryption

Your data is encrypted at every stage of its journey through our platform.

  • AES-256 at rest

    All stored data is encrypted using AES-256 with managed key rotation.

  • TLS 1.3+ in transit

    All data in transit uses TLS 1.3 with strong cipher suites. We enforce HTTPS everywhere.

  • DKIM, SPF & DMARC

    Email authentication protocols prevent spoofing and ensure message integrity.

  • API requests encrypted with TLS 1.3
  • Database encrypted with AES-256
  • Backups encrypted at rest
  • API keys hashed with bcrypt

Infrastructure Security

Multi-cloud architecture with geographic redundancy for maximum reliability and security.

Multi-Cloud

Distributed across OVH, AWS, Google Cloud, and Oracle Cloud for redundancy and performance.

Network Security

DDoS protection, WAF, and network segmentation. All traffic filtered and monitored.

Access Control

Role-based access, MFA required for all internal systems, and principle of least privilege.

Monitoring

24/7 monitoring with automated alerting. Real-time threat detection and response.

Organizational Security

  • Background checks for all team members
  • Regular security awareness training
  • Principle of least privilege access
  • Secure software development lifecycle (SDLC)
  • Mandatory code reviews for all changes

Product Security

  • API key hashing and rate limiting
  • OWASP Top 10 compliance
  • Comprehensive audit logging
  • Input validation and sanitization
  • Regular penetration testing

Internal Procedures

Incident Response

Documented incident response procedures with defined escalation paths. We commit to notifying affected customers within 72 hours of a confirmed breach.

Disaster Recovery

30-day backup retention with point-in-time recovery. Multi-region redundancy ensures data availability even during regional outages.

Business Continuity

Documented business continuity plans ensure operations continue during disruptions. Regular testing and updates keep plans current.

Data & Privacy

We collect only what we need and delete it when we don't. Your data rights are built into our platform.

Email Content

Retained for 30 days, then permanently deleted

Metadata & Logs

Retained for 365 days for analytics and troubleshooting

Deletion Rights

Request complete data deletion at any time via dashboard or email

Responsible Disclosure

We believe security researchers make the internet safer. If you discover a vulnerability, we want to hear from you.

  • Safe harbor for good-faith security research
  • We won't pursue legal action against researchers who disclose responsibly
  • Credit in our security acknowledgments (if desired)

Questions about security?

Our team is ready to discuss your security requirements and answer any questions.
