Security at Distribute.

How we protect your applications, your data, and your infrastructure. Industry-standard practices, transparent operations, and a security team that reads every report.

Last reviewed · February 2025

Our commitment to security

At Distribute, security is our top priority. We implement industry-standard security practices to protect your applications, data, and infrastructure. This page outlines our security measures and best practices.

Infrastructure security

Docker containerization

All applications are deployed in isolated Docker containers, providing:

  • Process isolation between applications
  • Resource limits and quotas
  • Sandboxed execution environment
  • Minimal attack surface

Network security

We implement multiple layers of network security:

  • Built-in reverse proxy for traffic management
  • Automatic DDoS protection
  • Rate limiting on API endpoints
  • Network isolation between services

SSL/TLS encryption

All traffic is encrypted using industry-standard SSL/TLS protocols:

  • Automatic SSL certificate provisioning via Let's Encrypt
  • TLS 1.2 and 1.3 support
  • Strong cipher suites
  • Automatic certificate renewal
  • HTTPS enforcement for all domains

Authentication & access control

OAuth 2.0

We use Google OAuth 2.0 for secure authentication:

  • No password storage on our servers
  • Industry-standard OAuth flows
  • Secure token management
  • Session encryption

Access control

Each user's resources are strictly isolated:

  • Role-based access control (RBAC)
  • User-level resource isolation
  • API authentication and authorization
  • Audit logging of access attempts

Data protection

Encryption at rest

Your data is encrypted when stored:

  • Database encryption
  • Encrypted file storage
  • Secure configuration management

Backup & recovery

We implement comprehensive backup strategies:

  • Automated daily backups
  • Encrypted backup storage
  • Point-in-time recovery
  • Disaster recovery procedures

Application security

We follow secure development practices:

  • Regular security audits and penetration testing
  • Input validation and sanitization
  • CSRF protection
  • XSS prevention
  • SQL injection prevention
  • Dependency vulnerability scanning
  • Secure coding guidelines

Monitoring & incident response

24/7 monitoring

Our infrastructure is continuously monitored for:

  • Suspicious activity and intrusion attempts
  • Performance anomalies
  • Security events and alerts
  • System health and availability

Incident response

We have a dedicated incident response team ready to:

  • Respond immediately to security incidents
  • Investigate and contain threats
  • Communicate transparently with affected users
  • Implement remediation measures

Compliance & standards

We adhere to industry-recognized security standards:

  • OWASP Top 10 security practices
  • GDPR compliance for data protection
  • Regular security assessments
  • Industry best practices

Best practices for users

Help us keep your applications secure:

  • Use strong, unique passwords
  • Enable two-factor authentication when available
  • Keep your deployed applications up to date
  • Review access logs regularly
  • Report suspicious activity immediately
  • Don't share your account credentials

Responsible disclosure

If you discover a security vulnerability, we encourage responsible disclosure:

  • Email us at: [email protected]
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to respond
  • Do not publicly disclose the issue until we've addressed it

We appreciate the security community's efforts and will acknowledge all valid reports.

Found a security issue?
Report it directly to our security team. We respond to every email and credit valid reports.
[email protected]