Security Policy

How we protect your data and how to report vulnerabilities responsibly.

Responsible Disclosure

We take security seriously and appreciate the work of researchers who help us keep Probecast safe. If you discover a security vulnerability, please report it responsibly.

Report a vulnerability:

security@probecast.io

Please include: a description of the vulnerability, steps to reproduce and any proof-of-concept. Do not publicly disclose the vulnerability until we have had a chance to address it.

Our commitment

  • We will acknowledge your report within 24 hours
  • We will provide an initial assessment within 72 hours
  • We will keep you informed of our progress toward a fix
  • We will not take legal action against researchers who follow this policy

Breach Notification

In the event of a data breach that affects your personal information, we commit to:

  • Notifying the relevant Data Protection Authority within 72 hours of discovery (GDPR Article 33)
  • Notifying affected users without undue delay when the breach is likely to result in a high risk to their rights (GDPR Article 34)
  • Providing clear information about what data was affected, what we are doing about it and what steps you can take
  • Publishing a post-incident report on our status page

Infrastructure Security

Encryption

  • TLS 1.3 for all connections
  • AES-256-GCM encryption at rest
  • Bcrypt password hashing

Access Control

  • Internal API token authentication
  • JWT with short-lived tokens (5 min)
  • No direct database access from frontend

Rate Limiting

  • Per-IP and per-user rate limiting
  • Strict limits on authentication endpoints
  • DDoS protection via CDN

Data Protection

  • Daily encrypted backups (30-day retention)
  • Automatic data cleanup by plan tier
  • Full account deletion within 24 hours

GDPR Compliance

Probecast is designed for GDPR compliance from the ground up:

  • Right to access: View all your data in the dashboard
  • Right to portability: Export your data as JSON from Settings
  • Right to erasure: Delete your account and all associated data
  • Right to rectification: Edit your profile and monitoring configuration at any time
  • Data minimization: We only collect data necessary for the service
  • Cookie consent: Analytics only load after explicit consent

Contact

Acknowledgments

We thank all security researchers who have helped us improve Probecast. If you responsibly disclose a valid vulnerability, we will acknowledge you here (with your permission).

// last updated: April 2026