Security & Privacy

Understand our unique approach to security and privacy, and why we do things differently.

Our Security Philosophy

Why don't you have user accounts or logins?

As a cybersecurity company, we take security seriously - especially yours. We've made a deliberate choice not to have user accounts:

Why we don't collect user data:

  • No data = No breaches: We can't lose what we don't have
  • Zero attack surface: No user database means no target for hackers
  • Privacy by design: Your information stays with you
  • Beyond compliance: We exceed regulations by not collecting data at all

How it works instead:

  • Payment handled by Stripe (industry leader in secure payments)
  • API key sent directly to your email
  • Subscription management through Stripe's portal
  • No passwords to remember or reset

While other companies collect user data for marketing benefits, we've chosen security and privacy over data collection. We're a cybersecurity company that practices what it preaches.

How is this approach more secure?

Our no-account model provides superior security:

Traditional approach risks:

  • User databases are prime targets for hackers
  • Password breaches affect millions
  • Personal information exposure
  • Account takeover attacks
  • Insider threats

CyberSecFeed approach benefits:

  • No user database to breach
  • No passwords to steal
  • No personal information stored
  • Minimal attack surface
  • Simplified compliance

By not collecting data, we eliminate entire categories of security risks.

Privacy Protection

What information do you collect?

We collect the absolute minimum:

What we receive from Stripe:

  • Notification of successful payment
  • Subscription ID (for API key generation)
  • Email address (to send your API key)

What we DON'T collect or store:

  • Names
  • Addresses
  • Payment card details
  • Phone numbers
  • User profiles
  • Usage tracking beyond API quota

Your privacy is protected by design, not just by policy.

Where is my payment information stored?

All payment information is stored exclusively with Stripe, never with us.

About Stripe:

  • PCI DSS Level 1 certified (highest level)
  • Used by millions of businesses worldwide
  • Bank-level encryption
  • Comprehensive fraud protection
  • Regular security audits

Your card details:

  • Never touch our servers
  • Encrypted end-to-end
  • Tokenized for recurring billing
  • Managed entirely by Stripe

We chose Stripe after careful evaluation because they meet the highest security standards in the payment industry.

How do you protect my API key?

Your API key security is paramount:

Generation & Delivery:

  • Generated using cryptographically secure methods
  • Sent only to your email address
  • One-time delivery (we don't store it after sending)
  • Unique to your subscription

Your responsibilities:

  • Keep your API key secret
  • Don't commit it to public repositories
  • Use environment variables in production
  • Rotate by purchasing new subscription if compromised

Important: We cannot recover lost API keys. Store yours securely!

Compliance & Standards

How do you handle data privacy regulations?

We exceed most data privacy regulations through our approach:

GDPR (Europe):

  • ✅ We don't collect personal data
  • ✅ No data to delete (right to be forgotten)
  • ✅ No data to port (data portability)
  • ✅ Minimal data principle exceeded

CCPA (California):

  • ✅ No personal information sold
  • ✅ No data to request
  • ✅ Privacy by default

Other regulations:

  • We typically exceed requirements by not collecting data
  • Stripe handles payment compliance
  • Simplified compliance through data minimization

What security measures do you have in place?

Our security measures include:

Infrastructure:

  • API hosted on secure cloud infrastructure
  • DDoS protection
  • Encrypted data transmission (TLS 1.3)
  • Regular security updates

Operational:

  • No user data to protect
  • Minimal attack surface
  • API keys are the only authentication
  • Automated security scanning

Monitoring:

  • API usage monitoring
  • Anomaly detection
  • Abuse prevention
  • 24/7 uptime monitoring

Best Practices

How should I secure my API key?

Follow these best practices:

Storage:

# Use environment variables
export CYBERSECFEED_API_KEY="your-key-here"

# Never hardcode in source files
# Bad: api_key = "abc123..."
# Good: api_key = os.environ.get('CYBERSECFEED_API_KEY')

Security tips:

  • Store in secure password manager
  • Use environment variables in code
  • Never commit to version control
  • Rotate if possibly compromised
  • Different keys for dev/prod (buy separate subscriptions)
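
The storage advice above as an added Python example (not CyberSecFeed's own code): it reads the key from the CYBERSECFEED_API_KEY variable, fails closed when the variable is unset or still holds the "your-key-here" placeholder, masks the key for log output, and flags hardcoded assignments like the "Bad" line. The function names, the sample source and the regular-expression heuristic are assumptions made for illustration.

```python
import os
import re

ENV_VAR = "CYBERSECFEED_API_KEY"   # variable name used on this page
PLACEHOLDERS = {"your-key-here"}   # placeholder from the export line above


class MissingKeyError(RuntimeError):
    """Raised when no usable key is available in the environment."""


def load_api_key(env=None):
    """Return the key from the environment, failing closed if it is unusable."""
    env = os.environ if env is None else env
    key = (env.get(ENV_VAR) or "").strip()
    if not key:
        raise MissingKeyError(f"{ENV_VAR} is not set")
    if key in PLACEHOLDERS:
        raise MissingKeyError(f"{ENV_VAR} still holds the placeholder value")
    return key


def redact(key, keep=4):
    """Mask a key for logs, leaving only the last `keep` characters visible."""
    if len(key) <= keep:
        return "*" * len(key)
    return "*" * (len(key) - keep) + key[-keep:]


# Assumed heuristic: a name containing "api_key" assigned a quoted literal.
HARDCODED = re.compile(r"""(?i)\b\w*api_?key\w*\s*[:=]\s*["'][^"']+["']""")


def find_hardcoded_keys(source):
    """Return 1-based line numbers that assign a string literal to an API key name."""
    hits = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith("#"):   # skip whole-line comments
            continue
        if HARDCODED.search(line):
            hits.append(lineno)
    return hits


# Constructed sample source: line 2 is the "Bad" pattern, line 4 the "Good" one.
SAMPLE = '''import os
api_key = "abc123-constructed"
# api_key = "commented-out"
api_key = os.environ.get('CYBERSECFEED_API_KEY')
'''

if __name__ == "__main__":
    print("hardcoded key on lines:", find_hardcoded_keys(SAMPLE))
    print("masked key:", redact(load_api_key({ENV_VAR: "constructed-key-1234"})))
```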

Git security:

# Add to .gitignore
.env
*.key
config/secrets.yml

What if my API key is compromised?

If you suspect your API key is compromised:

  1. Immediate action: Stop using the compromised key
  2. Purchase new subscription: Get a fresh API key
  3. Update your applications: Replace old key with new
  4. Review security: Check how the compromise happened
  5. Cancel old subscription: Via Stripe portal if needed

Since we don't store user data, a compromised key only affects API access, not personal information.

Trust & Transparency

Why should I trust your approach?

Our approach is built on verifiable security principles:

Transparency:

  • Clear about what we do (and don't) collect
  • Open about our security philosophy
  • Using industry-standard providers (Stripe)

Accountability:

  • As a cybersecurity company, our reputation depends on security
  • We use the services we recommend
  • Security-first decisions, even when inconvenient

Verification:

  • No hidden data collection
  • You can verify our claims (no cookies, no tracking)
  • Stripe's security is independently audited

We're not just another company talking about security - we're a cybersecurity company living it.