ipasis

Security, Trust & Compliance at IPASIS

At IPASIS, security is at the core of everything we build. Our platform processes global IP intelligence data and helps customers detect fraud, abuse, and malicious activity. Protecting your data and infrastructure is our highest priority.

We follow industry-standard security practices across application design, infrastructure, monitoring, and operations.

Infrastructure Security

Hosting: IPASIS runs on Google Cloud Platform (GCP) with isolated production environments, strict IAM policies, and region-appropriate data storage.

Key practices:

  • All services run on Cloud Run with sandboxed containers.
  • Cloud SQL (PostgreSQL) with automated backups and encryption.
  • Strict firewall rules and VPC-level network isolation.
  • Encryption at rest (AES-256) and in transit (TLS 1.2/1.3).
  • Secrets stored in GCP Secret Manager, never in code.
  • Regular dependency scanning and vulnerability checks.

Application Security

We follow secure development best practices:

  • HTTPS everywhere.
  • Strict API key authentication for all requests.
  • Rate limiting, abuse protection, and anomaly detection.
  • Audit logs for sensitive operations.
  • Automated testing and continuous deployment.
  • Regular internal code reviews.
  • No sensitive personal data is processed.

Data Security

IPASIS does not store or process personally identifiable information (PII). We only process:

  • IP addresses.
  • ASN / company attribution.
  • VPN / proxy / Tor detection metadata.
  • Abuse listing data.

No customer PII is collected unless you voluntarily provide it for account creation.

Backups:

  • Automated daily backups.
  • 7 / 14 / 30 day retention.
  • Encrypted at rest.

Compliance

We follow industry-standard best practices and are building toward formal certifications.

Currently adhered standards:

  • GDPR-compliant data processing (no unnecessary personal data).
  • SOC2-aligned internal controls (logging, access control, change management).
  • ISO 27001-inspired operational policies.
  • Data residency considerations.
  • Cookie & privacy transparency.

We do not claim SOC2 or ISO certification yet — but all systems are designed to meet those standards.

Responsible Disclosure / Bug Reporting

If you find a security issue, please contact our security team at: contact@ipasis.com.

We aim to respond within 72 hours.

Uptime & Monitoring

  • Real-time monitoring on all services.
  • Automated alerting (PagerDuty / email).
  • Redundant instances.
  • No single points of failure.

Third-Party Access

We never sell or share customer data.

Limited third-party services include:

  • GCP (hosting).
  • Stripe / LemonSqueezy (billing).
  • PostHog / analytics (optional, anonymized).

Questions?

Email: contact@ipasis.com

We are always improving our security posture and welcome feedback.