Security

Conerix is built with security and operational resilience as core requirements for a messaging infrastructure platform. This page summarises our security practices. It is not a contractual SLA — enterprise customers may request detailed security documentation under NDA.

1. Infrastructure security

• Encryption in transit — all public endpoints require TLS 1.2 or higher.
• Access controls — production systems are accessible only to authorised personnel with role-based access.
• Network segmentation — application, database, and routing layers are separated.
• Monitoring — delivery health and API availability are published on our status page.

2. Application security

• Passwords are hashed using industry-standard algorithms; plaintext passwords are never stored.
• API keys are stored hashed and can be rotated from the dashboard.
• CSRF protection is enforced on all state-changing web forms.
• Session cookies use secure and HTTP-only flags in production.

3. Data protection

Personal data and message content are processed in accordance with our Privacy Policy and GDPR commitments. Message logs are retained for a limited period (typically 90 days) unless a longer retention is required by law or contract.

4. Account security recommendations

Customers share responsibility for securing their accounts:

• Use strong, unique passwords and enable team access controls where available.
• Rotate API keys regularly and revoke unused keys promptly.
• Restrict API key scope to the minimum required operations.
• Monitor delivery reports and account activity for anomalies.
• Report suspected compromise immediately via our contact page.

5. Abuse and fraud prevention

Automated controls — rate limiting, velocity monitoring, link scanning, and spam pattern detection — protect the platform and upstream carriers. Suspicious traffic is blocked, queued for review, or rate-limited before reaching carrier networks. See our Compliance Center for details.

6. Incident response

We maintain procedures for detecting, containing, and notifying customers of security incidents affecting personal data, in line with GDPR breach notification requirements.

7. Vulnerability reporting

If you discover a security vulnerability, please report it responsibly via our contact page with subject line "Security". Do not publicly disclose vulnerabilities before we have had reasonable time to investigate and remediate.

We acknowledge valid reports within two business days.

8. Subprocessors

We engage vetted hosting, payment, and carrier gateway providers under data processing agreements. A subprocessor list is available on request for enterprise accounts.

9. Contact

Security enquiries: info@conerix.com