Security at Lubes.dev

Your security is our top priority. We implement industry-leading security practices to protect your data and applications.

Security Measures

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Infrastructure Security

Hosted on enterprise-grade infrastructure with 99.9% uptime SLA and DDoS protection.

Access Control

Role-based access control (RBAC) and multi-factor authentication (MFA) support.

Monitoring & Logging

24/7 security monitoring, intrusion detection, and comprehensive audit logs.

Infrastructure Security

Encrypted Backups

Automated daily backups with 30-day retention, encrypted and stored in multiple regions.

Network Isolation

Projects run in isolated environments with strict network segmentation and firewall rules.

Regular Updates

Infrastructure and dependencies are regularly updated with security patches.

Application Security

Input Validation

All user input is validated and sanitized to prevent injection attacks.

Secure Authentication

bcrypt password hashing, JWT tokens with short expiration, and OAuth 2.0 support.

API Security

Rate limiting, API key rotation, and comprehensive request validation.

Compliance

We are committed to meeting industry standards and regulations. Our compliance efforts include:

GDPR

Full compliance with EU data protection regulations

SOC 2 Type II

In progress - Security audit underway

ISO 27001

Planned for 2026

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please let us know right away. We investigate all legitimate reports and do our best to quickly fix the problem.

How to Report

Email security issues to: security@lubes.dev

Please include as much information as possible: affected endpoints, steps to reproduce, and potential impact.

Our Commitment

  • We will respond to your report within 48 hours
  • We will keep you informed about our progress fixing the issue
  • We will credit you for the discovery (unless you prefer to remain anonymous)
  • We will not take legal action against researchers who follow responsible disclosure

Please do not publicly disclose the vulnerability until we've had a chance to address it.

Questions about our security?

Contact our security team for more information
