Security
How we protect your data and keep our platform secure.
Security is foundational to PingPage. As a platform that teams rely on to monitor their infrastructure and communicate with their users, we take the protection of your data seriously. This page outlines our security practices and how we safeguard the platform.
Infrastructure
PingPage runs on dedicated cloud infrastructure with automated deployments via Docker Compose. All services are containerized and isolated. Our reverse proxy (Traefik) handles TLS termination with automatically provisioned Let's Encrypt certificates, ensuring all traffic is encrypted in transit.
Data Encryption
- In transit — All connections to PingPage use TLS (HTTPS). API traffic, dashboard access, status pages, and internal service communication are all encrypted.
- At rest — Database storage is encrypted at the filesystem level through our infrastructure provider.
- Passwords — User passwords are hashed using bcrypt with a cost factor of 12. We never store plaintext passwords.
Authentication and Access
- Session management — Dashboard authentication uses HTTP-only session cookies with 30-day expiry. Sessions are stored server-side and can be revoked.
- API keys — Programmatic access uses scoped API keys with a pp_live_ prefix for easy identification and rotation.
- Role-based access — Organizations support owner, admin, and member roles with different permission levels.
Application Security
- SQL injection prevention — All database queries use parameterized statements through pgx. No raw SQL concatenation.
- Input validation — All user inputs are validated and sanitized at the API boundary.
- Dependency management — We regularly update dependencies and monitor for known vulnerabilities.
Monitoring and Incident Response
We monitor our own infrastructure with the same tools we provide to our customers. If a security incident occurs, we follow a structured response process: identify, contain, remediate, and communicate. We commit to notifying affected users promptly.
Reporting Vulnerabilities
If you discover a security vulnerability in PingPage, we encourage responsible disclosure. Please report it to security@pingpage.live. We will acknowledge your report within 48 hours and work to resolve the issue promptly. We ask that you do not publicly disclose vulnerabilities until we have had a chance to address them.
Questions
For security-related questions or concerns, contact us at security@pingpage.live or visit our Contact page.