Trust & Security

Security

Last Updated: December 30, 2024

Security Overview

At Never Expire Again, security is fundamental to everything we build. We understand that you're trusting us with important information about your business and personal assets, and we take that responsibility seriously.

This page outlines the security measures we have in place to protect your data.

Encryption

Data in Transit

  • All connections to Never Expire Again use TLS 1.2 or higher
  • We enforce HTTPS across all pages and API endpoints
  • We use HSTS (HTTP Strict Transport Security) to prevent downgrade attacks
  • Strong cipher suites only; weak ciphers are disabled

Data at Rest

  • Database storage is encrypted using AES-256
  • Backups are encrypted before being stored
  • Passwords are hashed using bcrypt with appropriate cost factors
  • Sensitive tokens are encrypted or hashed as appropriate

Infrastructure Security

  • Cloud Provider: Hosted on [CLOUD_PROVIDER] with enterprise-grade physical security
  • Data Center: Located in [DATA_CENTER_LOCATION]
  • Network Security: Firewalls, DDoS protection, and network segmentation
  • Regular Updates: Operating systems and dependencies are kept up to date
  • Redundancy: Multiple availability zones for high availability

Access Controls

For Users

  • Secure password requirements (minimum length, complexity)
  • Session management with automatic timeout
  • CSRF protection on all forms
  • Rate limiting to prevent brute force attacks

For Our Team

  • Principle of least privilege for all access
  • Multi-factor authentication required for all team members
  • Regular access reviews and prompt deprovisioning
  • Audit logs for all administrative actions
  • No direct database access in production without audit trail

Security Monitoring

  • 24/7 uptime and availability monitoring
  • Automated security scanning and vulnerability detection
  • Log aggregation and analysis for security events
  • Alerting for suspicious activities or anomalies

Incident Response

We maintain an incident response plan that includes:

  • Defined escalation procedures
  • Communication protocols for affected users
  • Root cause analysis and remediation
  • Post-incident review and improvement

In the event of a security incident affecting your data, we will notify you in accordance with applicable laws and our Data Processing Agreement.

Compliance

We design our systems and processes to help you meet your compliance requirements:

  • GDPR: Data protection controls and user rights support
  • Data Processing Agreements: Available for business customers
  • Data Portability: Export your data at any time
  • Data Deletion: Complete removal upon account deletion

Certifications: [LIST_CERTIFICATIONS_OR_STATE_IN_PROGRESS]

Vulnerability Disclosure

We value the security research community and welcome responsible disclosure of security vulnerabilities. If you discover a security issue, please report it to us privately.

How to Report

  • Email your findings to [SECURITY_EMAIL]
  • Include detailed steps to reproduce the vulnerability
  • Allow us reasonable time to investigate and address the issue before public disclosure

Our Commitment

  • We will acknowledge receipt within 48 hours
  • We will keep you informed of our progress
  • We will not take legal action against researchers acting in good faith
  • We will credit you (if desired) when we address the vulnerability

Scope

The following are in scope for security research:

  • neverexpireagain.com and its subdomains
  • Authentication and session management
  • Authorization and access control
  • Data exposure vulnerabilities

Please do not:

  • Access or modify other users' data
  • Perform denial of service attacks
  • Send phishing emails to our users or team
  • Test vulnerabilities on accounts you don't own

Security Contact

Security Team

Email: [SECURITY_EMAIL]

For general support inquiries, please use our Contact page.