Security and Compliance

At Tailrec, security is at the core of everything we do. We implement industry-leading security practices to protect your data and ensure reliable tunnel connections.

Security Features

End-to-End Encryption

All tunnel traffic is encrypted using TLS 1.3, ensuring your data remains secure in transit.

Authentication & Authorization

Secure OAuth 2.0 authentication with support for Google and GitHub providers.

Infrastructure Security

Hosted on Google Cloud Platform with built-in DDoS protection and network isolation.

Data Encryption at Rest

All stored data is encrypted using AES-256 encryption with automatic key rotation.

Data Protection

We implement comprehensive measures to protect your data:

  • Minimal Data Collection: We only collect data necessary to provide our services. We do not access, modify, or use your tunnel traffic without explicit consent.
  • Data Isolation: Customer data is logically isolated using Firebase security rules and project-level segregation.
  • Secure Storage: All data is stored in Firestore with encryption at rest and regular automated backups.
  • Access Controls: Strict role-based access controls (RBAC) limit data access to authorized personnel only.
  • Audit Logging: Comprehensive logging of all system access and operations for security monitoring.

Network Security

Our tunnel infrastructure is built with security best practices:

  • WebSocket Security: All WebSocket connections use WSS (WebSocket Secure) protocol with TLS encryption.
  • Subdomain Isolation: Each tunnel runs on an isolated subdomain to prevent cross-tunnel interference.
  • Rate Limiting: Built-in rate limiting protects against abuse and ensures fair resource allocation.
  • DDoS Protection: Google Cloud Load Balancing provides automatic DDoS mitigation.
  • Network Monitoring: 24/7 monitoring of network traffic for suspicious activity.

Compliance

wsgrok is committed to meeting international compliance standards:

GDPR Compliance (EU)

We comply with the General Data Protection Regulation (GDPR) for European users, including rights to data access, portability, and deletion. Users can request their data or account deletion at any time.

CCPA Compliance (California)

We comply with the California Consumer Privacy Act (CCPA), providing California residents with rights to know what personal information is collected, delete personal information, and opt out of data sales (we do not sell personal data).

SOC 2 Type II (In Progress)

We are working towards SOC 2 Type II certification to demonstrate our commitment to security, availability, and confidentiality.

Security Best Practices

We recommend the following security practices when using wsgrok:

  • Use unique, strong subdomains that are not easily guessable
  • Never expose sensitive development data through public tunnels
  • Implement authentication on your local services when exposing them via tunnels
  • Regularly rotate your authentication tokens and API keys
  • Monitor your tunnel traffic using our built-in inspection tools
  • Close tunnels when not actively in use

Incident Response

We maintain a comprehensive security incident response plan:

  • 24/7 Monitoring: Our systems are monitored around the clock for security incidents.
  • Rapid Response: Security incidents are triaged and addressed immediately by our security team.
  • User Notification: Affected users are notified within 72 hours of any data breach, in compliance with GDPR requirements.
  • Post-Incident Analysis: We conduct thorough post-mortems to prevent future incidents.

Third-Party Security

We carefully vet all third-party services and conduct regular security assessments. Our infrastructure relies on:

  • Google Cloud Platform: ISO 27001, SOC 2/3, and PCI DSS certified infrastructure
  • Firebase/Firestore: Google-managed database with built-in security features
  • Stripe: PCI DSS Level 1 certified payment processing
  • GitHub/Google OAuth: Industry-standard authentication providers

Vulnerability Disclosure

We take security vulnerabilities seriously. If you discover a security issue, please report it responsibly:

  • Email security reports to our security team
  • Provide detailed information about the vulnerability and steps to reproduce
  • Allow us reasonable time to address the issue before public disclosure
  • We will acknowledge receipt within 24 hours and provide updates on remediation

Questions?

If you have questions about our security practices or compliance, please contact us.