Security & Trust
How we protect your data and keep Alert24 reliable
Built on Cloudflare's Global Edge
Runs on Cloudflare Workers — serverless, no single server to compromise
Globally distributed across 300+ data centers
No self-managed servers, VMs, or containers — Cloudflare manages the infrastructure
Automatic DDoS protection via Cloudflare
Data encrypted in transit (TLS 1.3)
Data encrypted at rest (Cloudflare managed encryption)
Authentication & Access Control
Multiple authentication methods and fine-grained access controls to keep your account secure.
Google OAuth SSO
Sign in with Google for seamless, secure access.
Microsoft OAuth SSO
Azure AD integration for enterprise single sign-on.
Username & Password
Passwords hashed with bcrypt — never stored in plaintext.
Two-Factor Authentication
TOTP-based 2FA with any authenticator app.
MFA Enforcement
Organization admins can require MFA for all team members.
API Keys
Scoped API keys with configurable expiration and instant revocation.
Role-Based Access Control
RBAC with granular permissions — owner, admin, member, and viewer roles.
Session Management
Session expiry, device tracking, and the ability to revoke sessions remotely.
Application Security
Webhook Signature Verification
HMAC-SHA256 signature verification on all inbound webhooks to prevent spoofing.
API Rate Limiting
Per-key and per-IP rate limiting to protect against abuse and brute-force attacks.
CSRF Protection
Cross-site request forgery protection on all state-changing operations.
Content Security Policy
Strict CSP headers to prevent XSS and other injection attacks.
No Third-Party Tracking
No third-party analytics or tracking scripts on customer status pages.
Audit Logs
Detailed audit logs of all account activity, available on Pro plans.
Your Data, Your Control
Data stored on Cloudflare D1 (SQLite on the edge)
Webhook payloads logged for debugging (configurable retention)
Export your data at any time via the REST API
Request full data deletion at any time
No data sold to third parties — ever
Minimal data collection — we only store what's needed to run the service
Subprocessors
Third-party services that process data on behalf of Alert24.
| Provider | Purpose | Data Processed |
|---|---|---|
| Cloudflare | Infrastructure, database, caching, DNS | All application data |
| Stripe | Payment processing | Billing information |
| Twilio | SMS and voice call alerts | Phone numbers, notification content |
| Pushmail | Email notifications | Email addresses, notification content |
| Cloudflare AI Gateway | AI postmortem generation (optional) | Incident timeline data |
Compliance Roadmap
SOC 2 Type II
SOC 2 Type II certification is on our roadmap. Contact us for details on timeline and current controls.
GDPR
Data processing follows Cloudflare's DPA. EU data subject requests are honored promptly.
Data Retention
Configurable per plan. Pro plans include up to 1 year of data retention.
Audit Logs
Available on Pro and Enterprise plans. Track all account activity with detailed event logs.
Security Researchers
We value the security research community. If you've found a vulnerability, please report it responsibly.
Email: [email protected]
We aim to acknowledge reports within 48 hours and provide a resolution timeline within 5 business days.
Please do not publicly disclose vulnerabilities before we've had a chance to address them.
Questions about our security practices?
Contact us at [email protected] or reach out to [email protected] for your specific compliance requirements.