Home / Security

Security

Security is fundamental to everything we build. We employ industry-standard practices and continuously monitor our systems to protect your data.

Infrastructure Security

Cloud infrastructure hosted on AWS with DDoS protection, firewalls, and intrusion detection.

Data Encryption

AES-256 encryption at rest and TLS 1.3 in transit. API keys encrypted at application level.

Access Control

Two-factor authentication, role-based access controls, and session management.

Data Protection

Daily automated backups with point-in-time recovery and geographic redundancy.

Security Monitoring

24/7 automated monitoring with real-time alerting and incident response procedures.

Payment Security

Stripe-powered payments with PCI DSS Level 1 compliance. We never store card data.

Infrastructure & Data Protection

Our infrastructure is hosted on Amazon Web Services (AWS) with Cloudflare CDN for DDoS protection. All data is encrypted using AES-256 at rest and TLS 1.3 in transit. Daily automated backups with 30-day retention are replicated across multiple AWS availability zones. API keys and sensitive credentials are encrypted at the application level before storage.

Compliance & Privacy

We maintain compliance with GDPR for EU customers and CCPA for California residents. Payment processing is handled exclusively by Stripe (PCI DSS Level 1 certified)—we never store credit card numbers or CVV codes. Your monitoring data is never shared with third parties or used for purposes beyond providing our service. See our Privacy Policy for complete details.

Vulnerability Disclosure

We appreciate the security research community's efforts to responsibly disclose vulnerabilities and welcome reports from security researchers and users.

Reporting a Vulnerability

If you believe you've discovered a security vulnerability in our systems, please report it to us by emailing:

Security Contact:
support@generatorlabs.com

What to Include in Your Report

To help us understand and address the issue quickly, please include the following information:

  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact of the vulnerability
  • Any relevant screenshots, logs, or proof-of-concept code
  • Your contact information for follow-up questions
  • Whether you would like public credit for the discovery

Our Response Process

When you report a security issue to us, we commit to:

  • Acknowledge receipt within 48 hours of your report
  • Provide regular updates on our progress investigating and addressing the issue
  • Work with you to understand the full scope and impact of the vulnerability
  • Credit you publicly in our security acknowledgments (if you wish)
  • Keep you informed when the issue is resolved

Responsible Disclosure Guidelines

To protect our users and systems, we ask that you:

Please Do:

  • Report the vulnerability as soon as possible
  • Provide sufficient detail for us to reproduce the issue
  • Give us reasonable time to fix the issue before public disclosure
  • Use only test accounts or your own accounts for testing

Please Do Not:

  • Publicly disclose the vulnerability before we've had time to address it
  • Access, modify, or delete data that doesn't belong to you
  • Perform any attacks that could harm our services or users (DoS, DDoS, etc.)
  • Exploit the vulnerability beyond what's necessary to demonstrate it
  • Test physical security measures or conduct social engineering attacks
  • Violate any laws in your testing activities

Scope

This policy applies to:

  • generatorlabs.com (public website)
  • portal.generatorlabs.com (customer portal)
  • docs.generatorlabs.com (documentation)
  • All Generator Labs APIs and services

Out of Scope

The following are explicitly out of scope:

  • Denial of Service (DoS/DDoS) attacks
  • Physical security testing
  • Social engineering attacks against employees
  • Spam or social media account takeovers
  • Reports of missing security headers without demonstrable impact
  • Reports from automated scanning tools without verification

Safe Harbor

Generator Labs considers security research conducted in accordance with this policy to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA)
  • Exempt from DMCA restrictions
  • Protected from legal action if conducted in good faith

We will not pursue legal action against researchers who follow these guidelines and report vulnerabilities responsibly.

Security Acknowledgments

We maintain a list of security researchers who have helped improve our security. If you'd like to be recognized for your contribution, please let us know in your report.

Questions About Security?

If you have any questions about our security practices or need more information, please contact our security team.

Contact Security Team

Last Updated: February 2026
PGP Key: Available upon request