Trust requires high security standards down to the core.
Data is always encrypted, both while on transit and at rest. In transit using strong, modern TLS. And at rest we use one of the strongest block chipers available, 256-bit Advanced Encryption Standard (AES-256). Additionally, all secret keys are automatically rotated on a regular basis.
All data is safely stored within the European Union, currently in Germany. This facilitates compliance with privacy regulations, and leverages the EU's strong standards for data protection.
Our infrastructure has automated vulnerability scanning, threat detection, and bot protection. Our partners Cloudflare and Amazon Web Services, are industry leaders in security.
Our systems continuously monitor for failures, and escalate to our team as needed to minimize downtime and prevent issues for our users. We strive for 99.95% uptime.
Our web application is designed and frequently tested with OWASP Top 10 in mind. This accounts for the most common types of attacks such as injection, broken authentication, XSS, CSRF, and several others.
Security best practices
We enforce two-factor authentication on all accounts with access to our infrastructure. All secrets are encrypted, and keys rotated regularly. All development equipment uses disk encryption. We follow the Principle of Least Privilege at all levels of our infrastructure.
Have a security concern?
If you have found a vulnerability in Panelbear, please contact us by email at [email protected]
We ask you to:
- Provide us with a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
- Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service.
- Only interact with accounts you own or with explicit permission of the account holder.
If you are reporting a sensitive issue, please encrypt your message using our PGP key:
ID: 0x50F6891F Fingerprint: E65B 9891 F41B ECD3 93D6 C84D CBC5 71A3 50F6 891F