# Security
AudioSpliter takes security seriously. This page outlines our security practices.
## Infrastructure Security
- Cloud provider: AWS with SOC 2 Type II certification
- Network: VPC isolation, private subnets for processing workers
- Firewalls: WAF and network-level firewalls on all public endpoints
- DDoS protection: AWS Shield Standard on all endpoints
## Data Security
- Encryption in transit: TLS 1.2+ for all API and file transfers
- Encryption at rest: AES-256 for all stored files
- Key management: AWS KMS for encryption key management
- Data isolation: Per-tenant storage isolation
## Authentication Security
- API keys: Hashed using bcrypt before storage (plaintext never stored)
- JWT tokens: RS256 signed, 1-hour expiration
- Webhook signatures: HMAC-SHA256 with per-account secrets
- Rate limiting: Per-key rate limits to prevent brute force
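The webhook signature scheme listed above, shown from the receiving side as an added example (not AudioSpliter's own code): the consumer recomputes HMAC-SHA256 over the exact bytes received with its per-account secret and compares in constant time. The header name `X-Signature`, the hex encoding of the digest, and the sample secret and payload are assumptions constructed for this example.

```python
import hashlib
import hmac
import json

# Constructed values for the example; the real header name and digest encoding
# are assumptions, not AudioSpliter's documented format.
SECRET = b"whsec_example_do_not_use"  # constructed per-account secret
SAMPLE_BODY = b'{"type": "split.completed",  "job_id": "job_123"}'  # note double space
SIGNATURE_HEADER = "X-Signature"


def sign_payload(secret: bytes, raw_body: bytes) -> str:
    """HMAC-SHA256 over the raw request body, hex-encoded."""
    return hmac.new(secret, raw_body, hashlib.sha256).hexdigest()


def verify_webhook(secret: bytes, raw_body: bytes, received_signature: str) -> bool:
    """Recompute the HMAC over the bytes exactly as received and compare with
    hmac.compare_digest so a mismatch takes the same time regardless of how
    many leading characters happened to match."""
    if not received_signature:
        return False
    expected = sign_payload(secret, raw_body)
    return hmac.compare_digest(expected, received_signature.strip().lower())


def handle_webhook(secret: bytes, headers: dict, raw_body: bytes) -> tuple:
    """Reject unsigned or mis-signed requests before parsing the JSON body.
    Parsing first and re-serialising would change whitespace and break the
    signature, so verification always runs on the raw bytes."""
    if not verify_webhook(secret, raw_body, headers.get(SIGNATURE_HEADER, "")):
        return 401, "invalid signature"
    event = json.loads(raw_body)
    return 200, event.get("type", "unknown")


if __name__ == "__main__":
    sig = sign_payload(SECRET, SAMPLE_BODY)
    print(handle_webhook(SECRET, {SIGNATURE_HEADER: sig}, SAMPLE_BODY))
    # Re-serialised JSON differs from the raw bytes, so its signature no longer matches.
    reserialised = json.dumps(json.loads(SAMPLE_BODY)).encode()
    print(verify_webhook(SECRET, reserialised, sig))
```

This checks authenticity and integrity only; it does not by itself stop replay of a captured request, which would need a timestamp or nonce that the page does not describe.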
## Application Security
- Input validation: All inputs are validated and sanitized
- SQL injection: Parameterized queries throughout
- CORS: Restricted to configured origins
- CSP: Content Security Policy headers on all responses
- Dependency scanning: Automated vulnerability scanning with Snyk
## Operational Security
- Access control: Principle of least privilege for all team members
- Audit logging: All administrative actions are logged
- Incident response: Documented incident response procedures
- Backups: Daily encrypted backups with 30-day retention
## Vulnerability Reporting
If you discover a security vulnerability, please report it responsibly:
- Email: security@audiospliter.com
- PGP key: Available at audiospliter.com/.well-known/security.txt
We acknowledge reports within 24 hours and aim to resolve critical vulnerabilities within 72 hours.
## Compliance
| Standard | Status |
|---|---|
| GDPR | Compliant |
| SOC 2 Type II | In progress |
| HIPAA | Not applicable (we do not process PHI) |
| PCI DSS | Handled by Stripe (payment processor) |
## Security Updates
Subscribe to security advisories at status.audiospliter.com for notifications about security incidents and patches.