Security
Last updated: March 29, 2026
LibFrog takes the security of our services and the data entrusted to us seriously. This page summarizes our security practices at a high level. It is not an exhaustive list, does not modify any contract or legal obligation, and does not constitute a guarantee that no incident will ever occur.
Report a vulnerability
If you believe you have found a security vulnerability in LibFrog systems or services, please email security@libfrog.com with a clear description, steps to reproduce, and any relevant technical detail. We ask that you give us reasonable time to investigate and remediate before public disclosure. We do not pursue legal action against good-faith security research that complies with this process.
Security program
We maintain an internal security program appropriate to the stage and risk profile of our business. That includes defining roles and accountability for security decisions, reviewing access to production and customer-related systems, and updating practices as our products evolve.
Data in transit
We use industry-standard transport encryption (TLS) for data transmitted between clients and our public-facing services, configured to use modern protocols and cipher suites where we control the endpoint. Third-party services we use are expected to support comparable protections for data in transit.
Data at rest and infrastructure
We rely on reputable cloud and infrastructure providers that offer encryption at rest and physical security for their data centers. We configure storage and databases according to vendor best practices and our own requirements for the sensitivity of the data involved.
Access control
Access to production systems, source code, and customer or operational data is limited to personnel who need it for their role. We use authentication mechanisms such as single sign-on and multi-factor authentication where supported, and we revoke access promptly when roles change or employment ends.
Monitoring and logging
We use logging and monitoring to detect anomalies, support incident response, and improve reliability. Logs are retained for a period appropriate to operational and legal needs and are protected with access controls consistent with their sensitivity.
Incident response
We maintain a process to assess, contain, and remediate suspected security incidents. Where we determine that personal data was compromised and notification is required by law or contract, we will notify affected parties and regulators as appropriate. Customers with specific notification obligations should refer to their agreements with LibFrog.
Subprocessors and vendors
We use carefully selected service providers (for example, hosting, email, analytics, and developer tools). We evaluate vendors for security and privacy practices relevant to the services they provide and contractually require them to protect data appropriately.
Your responsibilities
Security is shared. You should protect your account credentials, use unique passwords, keep your devices and browsers updated, and report suspected unauthorized use to us promptly. Phishing and social engineering remain common attack vectors; verify the sender before clicking links or providing sensitive information.
Enterprise customers
Organizations that license LibFrog products under a separate agreement may receive additional security documentation, questionnaires, or contractual commitments. Those materials supersede this page where they differ.