Security
Enterprise-grade protection for your data
Security is at the core of everything we build. MCPFED is designed with a security-first architecture to protect your credentials, data, and integrations.
Security Features
AES-256 Encryption
All credentials and sensitive data are encrypted at rest using AES-256, the industry standard for secure encryption.
Secure Key Management
API keys and OAuth tokens are stored in isolated, encrypted vaults with strict access controls.
SOC 2 Type II Compliant
Our infrastructure and processes meet SOC 2 Type II standards for security, availability, and confidentiality.
Zero Knowledge Architecture
We cannot access your unencrypted credentials. Only you can authorize their use.
Regular Audits
Independent security firms conduct penetration testing and vulnerability assessments quarterly.
Automatic Token Rotation
OAuth tokens are automatically rotated to minimize exposure from potential breaches.
How We Protect Your Data
Encryption at Rest
All stored data, including API keys, OAuth tokens, and personal information, is encrypted using AES-256. Encryption keys are managed through a secure key management system with automatic rotation.
Encryption in Transit
All data transmitted between your browser and our servers uses TLS 1.3 encryption. We enforce HTTPS on all connections and use HSTS headers to prevent downgrade attacks.
Credential Isolation
Your API keys and credentials are stored in isolated encrypted vaults. Each user's credentials are segregated with unique encryption keys, ensuring that a breach of one account cannot affect others.
Access Controls
We implement the principle of least privilege across our infrastructure. Access to production systems requires multi-factor authentication and is logged and audited. Employee access is reviewed quarterly.
Secure Infrastructure
Our infrastructure is hosted on SOC 2 certified cloud providers with physical security, redundant power, and network isolation. We use containerized deployments with regular security patches and updates.
Compliance & Certifications
SOC 2 Type II
Security, availability, and confidentiality controls
GDPR
European data protection regulations
CCPA
California Consumer Privacy Act
HIPAA
Healthcare data protection (Business Associate Agreement available)
ISO 27001
Information security management
Vulnerability Disclosure
Responsible Disclosure Program
We take security seriously and appreciate the security research community's efforts to improve our service. If you discover a security vulnerability, please report it to us responsibly.
Reporting Guidelines:
- Provide detailed steps to reproduce the vulnerability
- Include an assessment of the potential impact
- Allow us reasonable time to investigate and fix the issue
- Do not access or modify other users' data
- Do not perform denial of service attacks
Report Security Vulnerabilities
Email: security@mcpfed.com
Please encrypt sensitive reports using our PGP key (available upon request).
Security Best Practices for Users
Use Strong Passwords
Use unique, complex passwords. We recommend using a password manager.
Rotate API Keys Regularly
Periodically rotate your API keys, especially if you suspect they may be compromised.
Review Connected Services
Regularly audit your connected services and remove any you no longer use.
Use Least Privilege
Only grant the minimum permissions necessary for each integration.
Questions About Security?
Our security team is available to answer any questions about our security practices.