Security & Trust

Security at Authex

As a security company, we hold ourselves to the highest standards. Here's how we protect your data and maintain your trust.

Infrastructure & encryption

Enterprise-grade infrastructure with defense in depth at every layer.

EU & US Data Centers

All data is processed and stored in SOC 2 certified data centers in the European Union and the United States. You choose where your data lives.

Encryption at Rest

All stored data is encrypted at rest using AES-256 encryption. Database backups and object storage are encrypted with managed encryption keys.

Encryption in Transit

All data in transit is encrypted using TLS 1.3. API endpoints enforce HTTPS and HSTS. Internal service communication uses mutual TLS.

Access Controls

Strict role-based access controls with principle of least privilege. All administrative access requires multi-factor authentication and is fully audited.

Compliance & certifications

We pursue rigorous third-party certifications so you can trust us with confidence.

In Progress

SOC 2 Type II

We are actively working toward SOC 2 Type II certification. Our security controls are designed to meet the Trust Services Criteria for security, availability, and confidentiality.

Compliant

GDPR Compliant

Authex is fully GDPR compliant. We offer EU data residency, data processing agreements, and honor all data subject rights including access, rectification, and erasure.

Compliant

CCPA Compliant

We comply with the California Consumer Privacy Act. California residents can exercise their rights to know, delete, and opt-out of data sharing.

What data does Authex process?

Authex processes email authentication data - never the content of your emails.

DNS records

SPF, DKIM, DMARC, MTA-STS, and BIMI records

DMARC aggregate reports

XML reports from receiving mail servers

DMARC forensic reports

Failure reports with redacted recipient data

Email metadata

Sending IPs, hostnames, authentication results

Never email content

Authex never accesses, reads, or stores the body or subject line of any email

Responsible disclosure

We value the work of security researchers. If you've found a vulnerability in Authex, we want to hear about it. Please report it responsibly and we'll work with you to resolve it quickly.

Report vulnerabilities to

security@authexlabs.com

We ask that you give us reasonable time to address any issues before public disclosure. We do not pursue legal action against researchers who act in good faith.

Questions about
our security?

Our team is happy to discuss our security practices, provide documentation, or complete your vendor security questionnaire.

Contact UsScan Your Domain

We respond to security inquiries within one business day.