Security at Aeon

We take security seriously. Here's how we protect your data and ensure reliable service delivery.

Infrastructure

Built on enterprise-grade cloud infrastructure

Serverless compute at the edge. No servers to patch, no infrastructure to manage. Automatic DDoS protection.

SQLite-based database with automatic encryption at rest. Data replicated across Cloudflare's global network.

Requests served from 300+ locations worldwide. Built-in WAF, bot protection, and rate limiting.

No persistent servers. Compute is ephemeral. Attack surface minimized by design.

Encryption and access controls at every layer

Encryption in transit: All connections use TLS 1.3. No unencrypted traffic accepted.
Encryption at rest: Database encrypted using Cloudflare-managed keys. Automatic key rotation.
No password storage: Magic link authentication eliminates password-related vulnerabilities.
Secure sessions: HttpOnly, Secure, SameSite cookies. HMAC-signed tokens with expiration.
Payment data: Handled entirely by Stripe. We never see or store card numbers.

We only work with trusted, security-focused vendors

Infrastructure & Security

SOC 2, ISO 27001, FedRAMP

Payment Processing

PCI DSS Level 1

Email Delivery

SOC 2 Type II

Secure development and operations practices

Code review: All code changes require review before deployment.
Dependency monitoring: Automated vulnerability scanning for dependencies.
Secrets management: API keys and credentials stored in secure vault, never in code.
Access controls: Principle of least privilege. Production access limited to essential personnel.
Audit logging: All administrative actions logged for review.

If you discover a security vulnerability, please report it responsibly. We appreciate your help keeping Aeon secure.

We commit to acknowledging reports within 48 hours and providing updates on remediation progress.