Security First

We Practice What We Preach

Your security findings are sensitive data. We protect them with the same rigor we help you achieve for your own systems.

Tenant Isolation

Each customer operates in a fully isolated environment. Data, configurations, and findings never cross tenant boundaries.

RBAC & 2FA

Role-based access control with granular permissions. Two-factor authentication enforced for all accounts.

Audit Logging

Every action is logged with timestamps, actor identity, and context. Logs are immutable and retained per compliance requirements.

Secure Report Sharing

Share reports via time-limited, revocable links. Links return unified error responses to prevent enumeration attacks.

No-Cache Headers

Sensitive pages include cache-control headers to prevent local storage of findings in browser caches or proxies.

Product Console Noindex

SpoofSentry's authenticated console includes noindex directives. Only this marketing site is intended for public indexing.

Data Protection

Encryption at Rest

All data stored using AES-256 encryption with managed keys.

Encryption in Transit

TLS 1.3 enforced for all API and console connections.

Data Retention Policies

Configurable retention periods with automatic purging of expired data.

Backup & Recovery

Regular encrypted backups with tested disaster recovery procedures.

Data Residency

Enterprise plans support regional data residency requirements.

Access Controls

Role-Based Access Control

Granular permissions for viewers, operators, and admins.

Two-Factor Authentication

2FA required for all accounts, via TOTP or WebAuthn.

Session Management

Automatic session expiry and concurrent session limits.

SSO Integration

Enterprise plans support SAML 2.0 and OIDC for identity federation.

IP Allowlisting

Optional IP restrictions for console and API access.

About Search Engine Indexing

Only this marketing site (netallion.com) is intended for public search engine indexing. SpoofSentry's authenticated console and partner portal include noindex directives to prevent indexing of authenticated application pages.

This ensures your DMARC reports, domain configurations, and enforcement data remain private and are not discoverable through search engines.

Responsible Disclosure

We welcome security researchers who help us improve our platform.

Report a Vulnerability

If you discover a security issue, please report it responsibly.

In Scope

  • netallion.com and subdomains
  • spoofsentry.com and subdomains
  • partners.domainseal.app

Out of Scope

  • Social engineering attacks
  • Physical attacks
  • Denial of service
  • Third-party services we use

We commit to acknowledging reports within 48 hours and providing updates on remediation progress. Researchers who follow responsible disclosure practices may be eligible for recognition.

Questions About Security?

Our team is happy to discuss security controls, compliance requirements, and enterprise deployment options.

Contact Us