We take the security of your data and infrastructure seriously. Here's exactly what we do to protect you.
All traffic between your client and MockRoute is encrypted with TLS 1.2+. HTTP connections are permanently redirected to HTTPS.
Passwords are hashed using bcrypt with a work factor of 12. We never store plaintext passwords and enforce minimum complexity requirements.
Each endpoint is scoped to its owner. Subdomains are validated against ownership before any response is served. Cross-tenant access is architecturally impossible.
We collect only what is necessary to operate the service. Request log bodies are stored only for configured retention periods and purged automatically.
Administrative access to infrastructure is logged and audited. We alert on anomalous access patterns and conduct regular access reviews.
Found a security issue? Please report it responsibly to security@mockroute.app. We aim to acknowledge reports within 24 hours and resolve critical issues within 72 hours.
We operate a responsible disclosure programme. If you discover a vulnerability, please email security@mockroute.app with details. Please do not publicly disclose issues until we have had a chance to address them.
Contact Security Team