Security & Infrastructure

Built on AWS serverless architecture with enterprise-grade security, encryption, and compliance standards.

AWS Serverless Architecture

API Gateway v2

HTTP API with automatic HTTPS encryption, request throttling, and DDoS protection.

  • TLS 1.2+ encryption
  • API key authentication
  • CloudWatch logging

Lambda Functions

Containerized Python functions with automatic scaling, zero maintenance, and sub-100ms response times.

  • Docker containers
  • Blue-green deployment
  • Automatic scaling

DynamoDB

NoSQL database with on-demand scaling, encryption at rest, and point-in-time recovery.

  • Encryption at rest (AES-256)
  • Point-in-time recovery
  • On-demand scaling

AWS Cognito

User identity management with MFA support, password policy enforcement, and API key generation.

  • API key authentication
  • Secure password hashing
  • Key rotation support

S3 Storage

Object storage for CIDR caches and large datasets with versioning and lifecycle policies.

  • Server-side encryption
  • Versioning enabled
  • Private access only

CloudWatch

Comprehensive monitoring, alarms, and logging for all infrastructure components.

  • Real-time metrics
  • Error rate alarms
  • Audit logging

Security Features

End-to-End Encryption

  • TLS 1.2+ in transit: All API requests use HTTPS with modern cipher suites
  • AES-256 at rest: DynamoDB and S3 data encrypted with AWS KMS
  • API key authentication: SHA-256 hashed keys with instant rotation support

Access Control

  • API key authentication: Secure key validation with in-memory caching
  • Rate limiting: Token bucket algorithm prevents abuse
  • IAM roles: Least-privilege access for all AWS resources

Monitoring & Alerts

  • Real-time monitoring: CloudWatch metrics for all services
  • Error rate alarms: Automatic alerts for anomalies
  • Audit logging: Complete request history in CloudWatch Logs

Data Privacy

  • No PII storage: We only store hashed indicators and metadata
  • US region: Data residency in AWS us-east-1 (N. Virginia)
  • GDPR compliant: Data processing agreements available for Enterprise

Compliance & Standards

Infrastructure Security

  • AWS infrastructure (SOC 2, ISO 27001, PCI DSS certified)
  • Infrastructure as Code (Terraform) for audit trails
  • Automated security scanning and vulnerability management

Data Protection

  • GDPR-compliant data processing (EU region available)
  • Point-in-time recovery and automated backups
  • Data Processing Agreements (DPA) for Enterprise customers

Enterprise Compliance: Need SOC 2 reports, custom DPAs, or specific compliance requirements? Contact our sales team for enterprise compliance packages.

Incident Response & Vulnerability Management

Security Monitoring

Our infrastructure is monitored 24/7 with automatic alerting for:

  • Elevated error rates
  • Unusual traffic patterns
  • Lambda function failures
  • Database system errors

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, email security@reput.io.

We commit to acknowledging reports within 24 hours and providing status updates every 3 days until resolution.

Questions About Our Security?

Our team is happy to answer any security, compliance, or infrastructure questions.