Thauth Security Overview | Legal

Legal/Thauth Security Overview

This document provides a high-level overview of the security practices implemented by Thauth (“Thauth”, “we”, “us”) in connection with the Thauth platform and services (the “Service”).

This document is for informational purposes only and does not form part of any contractual obligations unless explicitly stated.

1. Security Philosophy

Thauth is designed as an authorization infrastructure service. Security is a core consideration in its architecture and operation.

Our approach focuses on:

Minimizing attack surface
Isolating components and data flows
Enforcing strong authentication and access control
Monitoring and responding to anomalous behavior

2. Shared Responsibility Model

Security is a shared responsibility between Thauth and its Customers.

Thauth Responsibilities

Securing the infrastructure and platform
Protecting data within the Service
Maintaining system availability and integrity

Customer Responsibilities

Securing API Keys and credentials
Properly implementing Authorization Decisions
Ensuring secure integration within their systems
Managing their own application-level security

Important: Thauth provides Authorization Decisions only and does not enforce them within Customer systems.

3. Infrastructure Security

Thauth is hosted on infrastructure provided by:

Contabo (VPS infrastructure)

Security measures include:

Network-level isolation
Firewall configuration
Restricted administrative access
Environment separation where applicable

4. Access Control

Access to systems and data is restricted based on the principle of least privilege.

Measures include:

Role-based access controls for internal systems
Authentication requirements for administrative access
Controlled access to production environments

5. Authentication and Session Security

Thauth implements:

Secure session handling
Token-based authentication mechanisms
Optional multi-factor authentication (where enabled)

Passwords (where applicable) are stored using secure hashing methods.

6. API Security

The Service is accessed primarily through APIs secured via API Keys.

Measures include:

API key authentication
Validation of incoming requests
Rate limiting and abuse detection mechanisms (where applicable)

Customers are responsible for securing API Keys.

7. Data Protection

7.1 Data Segregation

Thauth is a multi-tenant platform designed to logically separate Customer Data.

7.2 Encryption

Data in transit is protected using industry-standard encryption (e.g., HTTPS/TLS)
Encryption at rest may be applied where appropriate depending on infrastructure capabilities

8. Logging and Monitoring

Thauth maintains logging and monitoring systems to:

Detect unauthorized access
Identify abnormal usage patterns
Investigate incidents
Improve system reliability

Logs may include:

Request metadata
Error traces
Access events

9. Incident Response

Thauth maintains internal processes to:

Detect and respond to security incidents
Investigate root causes
Mitigate impact

Where required, affected Customers will be notified in accordance with applicable agreements and legal obligations.

10. Subprocessors

Thauth relies on third-party providers for certain services:

Contabo (infrastructure hosting)
Polar (payment processing)
Resend (email delivery)

These providers are selected based on their ability to support secure operations.

11. Secure Development Practices

Thauth follows development practices intended to reduce risk, including:

Code review processes
Controlled deployment workflows
Separation of development and production environments (where applicable)

12. Limitations

No system can be guaranteed to be completely secure.

Customers acknowledge that:

Security risks cannot be entirely eliminated
They remain responsible for securing their own systems and integrations

13. Updates

This Security Overview may be updated from time to time to reflect changes in practices or infrastructure.

14. Contact

For security-related inquiries:

📧 security@thauth.dev