Security Practices

We take the security of your data seriously. Here's how we protect the MSP Domain Watch platform and your information.

Infrastructure Security

MSP Domain Watch is hosted on enterprise-grade cloud infrastructure with redundant systems, automated backups, and monitoring. Our infrastructure providers maintain SOC 2, ISO 27001, and other industry certifications. All systems are regularly updated with security patches.

Data Encryption

In transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. API communications are encrypted end-to-end.

At rest: Sensitive data, including credentials and API keys, is encrypted at rest using AES-256. Database backups are encrypted.

Access Control

We implement the principle of least privilege across all systems. Employee access to production systems is limited, logged, and reviewed regularly. Multi-factor authentication is required for all internal access. Customer data is isolated using a multi-tenant architecture with application-level and database-level access controls.

Application Security

Our application is built with security best practices: CSRF protection on all forms, input validation and output encoding to prevent injection attacks, secure session management, rate limiting to prevent abuse, and Content Security Policy headers. We use automated security scanning as part of our development pipeline.

Tenant Isolation

MSP Domain Watch is a multi-tenant platform. Every database query is scoped to the authenticated tenant. PostgreSQL row-level security provides an additional layer of data isolation at the database level. Cross-tenant access is prevented by both application logic and database constraints.

Vulnerability Management

We perform regular security audits of our codebase and infrastructure. Dependencies are monitored for known vulnerabilities and updated promptly. We welcome responsible disclosure of security issues — contact us at the address below.

Incident Response

We maintain an incident response plan that includes detection, containment, investigation, remediation, and communication procedures. In the event of a security incident affecting customer data, we will notify affected customers within 72 hours.

Security Contact

To report a security vulnerability or ask questions about our security practices:

[email protected]

We take all security reports seriously and will respond within one business day.