Security at DockSweep

1. Data Encryption

1.1 Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. This ensures that your information cannot be intercepted or read by unauthorized parties during transmission.

• All connections use HTTPS with strong cipher suites
• SSL/TLS certificates are regularly updated
• HSTS (HTTP Strict Transport Security) is enforced

1.2 Encryption at Rest

Sensitive data stored in our databases is encrypted at rest using industry-standard encryption algorithms. This includes:

• Encrypted database storage
• Encrypted backup files
• Encrypted access tokens and credentials

2. Authentication and Access Control

2.1 Password Security

We never store your passwords in plain text. All passwords are:

• Hashed using bcrypt with appropriate cost factors
• Subject to minimum complexity requirements
• Protected against brute-force attacks with rate limiting

2.2 Multi-Factor Authentication

We support multi-factor authentication (MFA) to add an extra layer of security to your account. We strongly recommend enabling MFA for all accounts.

2.3 Access Tokens

When you connect your Docker registry, we store only encrypted access tokens. We never store your registry passwords. These tokens are:

• Encrypted before storage
• Only decrypted when needed for registry operations
• Never logged or exposed in error messages

3. Infrastructure Security

3.1 Cloud Infrastructure

Our infrastructure is hosted on reputable cloud providers with robust security measures:

• Regular security audits and compliance certifications
• Physical security controls at data centers
• Redundant systems for high availability
• Automated backups with point-in-time recovery

3.2 Network Security

Our network is protected by multiple layers of security:

• Firewalls and intrusion detection systems
• DDoS protection and mitigation
• Network segmentation and isolation
• Regular security monitoring and threat detection

4. Application Security

4.1 Secure Development Practices

We follow secure software development lifecycle (SDLC) practices:

• Regular security code reviews
• Automated vulnerability scanning
• Dependency updates and patch management
• Security testing and penetration testing

4.2 Input Validation and Sanitization

All user inputs are validated and sanitized to prevent:

• SQL injection attacks
• Cross-site scripting (XSS)
• Command injection
• Other injection-based attacks

4.3 API Security

Our APIs are secured with:

• Authentication tokens (JWT)
• Rate limiting to prevent abuse
• Request validation and authorization checks
• HTTPS-only communication

5. Monitoring and Incident Response

5.1 Security Monitoring

We continuously monitor our systems for security threats:

• 24/7 security monitoring and alerting
• Log analysis and anomaly detection
• Intrusion detection systems
• Regular security audits

5.2 Incident Response

In the event of a security incident, we have procedures in place to:

• Quickly identify and contain threats
• Assess the impact and scope
• Notify affected users promptly
• Remediate issues and prevent recurrence

6. Compliance and Certifications

We are committed to maintaining compliance with industry standards and regulations:

• GDPR compliance for European users
• Regular security assessments
• Third-party security audits
• Industry best practices and standards

7. Data Backup and Recovery

We maintain regular backups of all critical data:

• Automated daily backups
• Encrypted backup storage
• Point-in-time recovery capabilities
• Regular backup restoration testing

8. Your Role in Security

Security is a shared responsibility. Here's how you can help keep your account secure:

• Use a strong, unique password
• Enable multi-factor authentication
• Keep your access tokens secure
• Review your account activity regularly
• Report any suspicious activity immediately
• Keep your email account secure (used for password resets)

9. Security Best Practices for Registry Tokens

When connecting your Docker registry:

• Use personal access tokens instead of passwords when possible
• Create tokens with minimal required permissions
• Regularly rotate your access tokens
• Revoke tokens immediately if compromised
• Use separate tokens for different registries

10. Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security vulnerability, please report it to us responsibly:

• Email: info@docksweep.com or security@docksweep.com
• Responsible Disclosure: Please allow us time to address the vulnerability before public disclosure
• Bug Bounty: We appreciate responsible disclosure and may offer recognition or rewards for valid security issues

11. Updates to This Security Page

We may update this Security page from time to time to reflect changes in our security practices or for other operational, legal, or regulatory reasons. We encourage you to review this page periodically.