Security & Infrastructure

Built on dedicated European infrastructure with Cloudflare protection, enterprise-grade encryption, and hardened security at every layer.

Infrastructure Architecture

Cloudflare WAF

All traffic is proxied through Cloudflare, which provides DDoS protection, a Web Application Firewall, and TLS termination.

  • DDoS mitigation
  • TLS 1.3 encryption
  • Origin IP hidden

API Server

FastAPI with async processing, Nginx reverse proxy with rate limiting, security headers, and HSTS enforcement.

  • Sub-100ms response times
  • Rate limiting (global + per-endpoint)
  • fail2ban intrusion prevention

PostgreSQL 16

Primary data store with 1.4M+ IOC records, atomic data refresh, and automated daily backups to encrypted off-site storage.

  • Atomic data refresh (zero downtime)
  • Daily encrypted backups
  • 30-day backup retention

Authentication

Self-hosted identity management with argon2id password hashing, JWT tokens, brute-force protection, and API key generation.

  • argon2id password hashing
  • Brute-force lockout (5 attempts)
  • Token blacklisting on logout

Redis 7

In-memory security layer for burst rate limiting, API key caching, login lockout counters, and token blacklisting.

  • Burst rate limiting
  • Auto-expiring TTL keys
  • Sub-millisecond lookups

Hetzner Cloud (EU)

Dedicated ARM server in Hetzner's ISO 27001 certified European data centers with GDPR-compliant data residency.

  • ISO 27001 certified
  • EU data residency
  • Hetzner Firewall + SSH hardening

Security Features

End-to-End Encryption

  • TLS 1.3 in transit: All API requests use HTTPS via Cloudflare with modern cipher suites
  • Encrypted backups: Daily PostgreSQL backups uploaded with SHA-1 verification to encrypted off-site storage
  • API key authentication: SHA-256 hashed keys with instant rotation support

Access Control

  • Brute-force protection: 5 failed login attempts trigger 30-minute account lockout
  • Multi-layer rate limiting: Nginx global limits, per-endpoint throttling, daily + burst quotas per API key
  • SSH hardening: Key-only authentication, root login disabled, Hetzner Cloud Firewall

Monitoring & Deployment

  • Auto-rollback deploys: Health check after every deploy; automatic revert on failure
  • fail2ban protection: Automatic IP banning on repeated auth failures or suspicious patterns
  • Docker isolation: All internal services bound to localhost; no direct external access

Data Privacy

  • No PII storage: We only store hashed indicators and metadata
  • EU data residency: Hetzner Cloud data centers in Germany (ISO 27001 certified; meets GDPR requirements)
  • GDPR-aligned: Data Processing Agreements available for Enterprise customers

Compliance & Standards

Infrastructure Security

  • Hetzner Cloud (ISO 27001, SOC 1/2, GDPR certified)
  • Cloudflare WAF with DDoS protection and bot management
  • Automated deploy pipeline with health-check rollback

Data Protection

  • GDPR-compliant data processing with EU residency
  • Automated daily backups with 30-day retention and integrity verification
  • Data Processing Agreements (DPA) for Enterprise customers

Enterprise Compliance: Need custom DPAs, specific compliance requirements, or dedicated infrastructure? Contact our sales team for enterprise packages.

Incident Response & Vulnerability Management

Security Monitoring

Our infrastructure is monitored with automatic alerting for:

  • Elevated error rates
  • Unusual traffic patterns
  • Service health failures
  • Database system errors

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue:

Email: security@reput.io

We commit to acknowledging reports within 24 hours and providing status updates every 3 days until resolution.

Questions About Our Security?

Our team is happy to answer any security, compliance, or infrastructure questions.