Security

How we protect you, and the people in our database

Counterspine aggregates a public dataset that contains personal information by design (notice senders' names, emails, residential addresses). Handling it carelessly would re-victimize the people the takedown record already exposes. Here is how we approach it.

Authentication & access

  • Bcrypt password hashing with 12 rounds (Devise default in production).
  • Optional TOTP two-factor authentication for all accounts (Pro and above).
  • API keys are stored as SHA-256 digests; only the last four characters are recoverable.
  • Workspace-scoped access at every layer: every controller action and every API endpoint enforces a server-side authorization check.
  • Embed sessions are bound to a single workspace; cross-workspace navigation is forbidden.

Data residency & retention

  • EU customers' data is stored in Frankfurt (eu-central-1).
  • Notice records are retained while the underlying source still publishes them. When Lumen, Google, or the DSA Database removes a record, we mirror the deletion within 24 hours.
  • Workspace data (watched domains, alerts, drafts) is purged 30 days after subscription cancellation, unless legally retained.

Privacy redaction in the public lookup

The public lookup tool at /lookup does not surface personal information from notice bodies (names, emails, postal addresses). We redact server-side before render. This is the law (GDPR Art. 6(1)(f) balancing), but it is also the right thing to do — the takedown record contains a lot of names that should never have been published unredacted, and we are not going to amplify that.

SSRF guardrails

We ingest external URLs by design, which is a textbook SSRF attack surface. Every outbound fetch is routed through a proxy that rejects private IP ranges, link-local addresses, internal hostnames, and anything that resolves to a known cloud-metadata endpoint.
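The pre-flight check such a proxy performs, as an added example written here in Ruby (the stack above is Rails: Devise, Kamal) and not Counterspine's own code; every hostname, address and DNS answer in it is constructed. It also covers a point the paragraph leaves implicit: the check resolves the name itself and hands back the vetted address, because a name that is re-resolved by the HTTP client after the check can return a different, internal address (DNS rebinding).

```ruby
require "ipaddr"
require "resolv"
require "uri"
# Added example, not Counterspine's code: vet an outbound fetch target before any
# request is made. The name is resolved here once and the vetted IP is returned, so
# the caller connects to that IP (keeping Host/SNI) rather than re-resolving it.
module OutboundUrlGuard
  Rejected = Class.new(StandardError)
  # Loopback, RFC 1918, CGNAT, link-local (covers 169.254.169.254 metadata),
  # multicast/reserved, and the IPv6 equivalents. v4-mapped v6 is unmapped first.
  BLOCKED_RANGES = %w[
    0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
    172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4
    ::/128 ::1/128 fc00::/7 fe80::/10 ff00::/8
  ].map { |cidr| IPAddr.new(cidr) }.freeze
  # Internal-looking names are refused before any DNS lookup happens.
  BLOCKED_HOST_RE = /\A(localhost|metadata|.*\.(internal|local|localdomain))\z/i
  # Returns [URI, ip_string] for an acceptable target, raises Rejected otherwise.
  # `resolver` is any callable mapping a hostname to an array of address strings.
  def self.check(raw_url, resolver: Resolv.method(:getaddresses))
    uri = URI.parse(raw_url)
    raise Rejected, "scheme must be http(s)" unless %w[http https].include?(uri.scheme)
    host = uri.hostname.to_s.downcase
    raise Rejected, "missing host" if host.empty?
    ip = (IPAddr.new(host) rescue nil)          # literal IP in the URL?
    if ip.nil?                                  # no: resolve the hostname ourselves
      raise Rejected, "internal hostname" if !host.include?(".") || host.match?(BLOCKED_HOST_RE)
      addr = resolver.call(host).first
      raise Rejected, "unresolvable host" if addr.nil?
      ip = IPAddr.new(addr.to_s)
    end
    ip = ip.native if ip.ipv4_mapped?           # ::ffff:10.0.0.1 is really 10.0.0.1
    raise Rejected, "#{ip} is not publicly routable" if BLOCKED_RANGES.any? { |r| r.include?(ip) }
    [uri, ip.to_s]
  end
  def self.safe?(raw_url, resolver: Resolv.method(:getaddresses))
    check(raw_url, resolver: resolver)
    true
  rescue Rejected, URI::InvalidURIError
    false
  end
  # Constructed offline DNS answers for demonstration only, not real records.
  SAMPLE_DNS = {
    "api.example.com"     => ["203.0.113.10"],            # public (TEST-NET-3)
    "rebound.example.com" => ["10.0.0.5"],                # public name, private answer
    "mapped.example.com"  => ["::ffff:169.254.169.254"]   # metadata via v4-mapped v6
  }.freeze
  SAMPLE_RESOLVER = ->(host) { SAMPLE_DNS.fetch(host, []) }
end
```

The caller must open the connection to the returned IP (sending the original hostname as Host header and SNI); a proxy that re-resolves the name after this check has not closed the gap.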

Vendor stack

  • Hosting: Hetzner Cloud (eu-central-1), provisioned via Kamal.
  • Database: PostgreSQL 17 with daily encrypted snapshots.
  • Cache & queue: Redis 7.
  • Email: Mailgun EU.
  • Payments: Stripe (PCI DSS Level 1).
  • Error tracking: Sentry (self-hosted).

Vulnerability disclosure

Found something? Email [email protected] — we respond within 48 hours, fix critical issues within 7 days, and credit researchers in our changelog.

Compliance

  • GDPR + UK GDPR compliant data processing agreement available on request.
  • EU DSA Article 16 reporting fully implemented for the Compliance Widget add-on.
  • U.S. TAKE IT DOWN Act 48-hour SLA tracker for the Compliance Widget.
  • SOC 2 Type II in progress (target completion: Q4 2026).
