Security & Trust

Your translation data and API keys are protected with enterprise-grade security measures. Here's how we keep your data safe.

Data Encryption

Your data is encrypted both in transit and at rest.

HTTPS/TLS Encryption in Transit

All API requests use TLS 1.2+ encryption. Data is never transmitted in plaintext.

AES-256 Encryption at Rest

All data stored in our databases is encrypted using AWS-managed encryption keys (AES-256).

Secure API Gateway

All requests pass through AWS API Gateway which enforces HTTPS and provides DDoS protection.

Authentication & Access Control

Secure authentication with multiple layers of protection.

AWS Cognito Authentication

User authentication powered by AWS Cognito with support for email/password and OAuth (Google, GitHub).

Strong Password Requirements

Minimum 8 characters with uppercase, lowercase, numbers, and special characters required.

Email Verification

All accounts require email verification before activation.

Secure Token Management

JWT tokens with short expiration times. Refresh tokens allow seamless re-authentication.

API Key Security

Your API keys are generated securely and can be revoked at any time.

Cryptographically Secure Generation

API keys are generated using cryptographically secure random bytes (256-bit entropy).

Instant Revocation

Revoke your API key instantly from your dashboard. Revoked keys are immediately rejected.

Key Regeneration

Regenerate your API key at any time. The old key is automatically deactivated.

Prefixed Key Format

Keys use the sk_live_ prefix for easy identification and to prevent accidental exposure.

Rate Limiting & Abuse Prevention

Protection against abuse and unauthorized access attempts.

Tier-Based Rate Limiting

Request limits based on your plan tier (Free: 10/min, Starter: 60/min, Pro: 300/min).

Rate Limit Headers

Every response includes X-RateLimit-Remaining so you can monitor usage.

Invalid Key Logging

Failed authentication attempts are logged for security monitoring.

CORS Protection

Strict CORS policy allows only whitelisted origins to access the API from browsers.

Data Privacy & Retention

Your translation data is handled with care and clear retention policies.

Translation Cache: 90 Days

Cached translations are automatically deleted after 90 days of inactivity.

No Data Selling

We never sell your translation data or use it for training AI models.

Delete My Data

Delete all your data instantly via API (DELETE /api/user/data). Translation keys, API keys, and profile are permanently removed.

Isolated Data Storage

Each user's translation data is stored separately and accessible only with their API key.

Data Access & Transparency

We believe in being transparent about how your data is handled.

What We Can See

To provide translation services, our systems must process your content. This means:

  • Your translation key names and source text are visible during processing
  • Translated content is stored in your Translation Memory for caching
  • API requests are logged for debugging and abuse prevention

What We Cannot See

  • Your API keys — stored as SHA-256 hashes, not plaintext
  • Your password — managed by AWS Cognito, never stored by us

Our Commitment

  • We never sell or share your translation data with third parties
  • We do not use your content to train AI models
  • Data access is limited to essential operations only
  • You can delete all your data at any time via the API

Infrastructure Security

Built on AWS with enterprise-grade infrastructure security.

AWS Infrastructure

Lambda, DynamoDB, API Gateway, Cognito

US-East Region

Data stored in AWS US-East-1

AWS Shield

Built-in DDoS protection

Sentry Monitoring

Real-time error tracking

Security Best Practices for Users

Recommendations

  • 1. Never commit API keys to git. Use environment variables or secrets management.
  • 2. Use server-side API calls when possible. Don't expose your API key in client-side code.
  • 3. Regenerate keys if you suspect they've been compromised.
  • 4. Monitor your usage in the dashboard for unexpected spikes.
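
One way to enforce the first recommendation is to scan files for the sk_live_ prefix before they are committed. The script below is an added example, not Shipi18n code; it assumes the key body is at least 20 URL-safe characters (the format after the prefix is not documented here) and uses a hypothetical environment variable name, SHIPI18N_API_KEY.

```python
import re
import sys
from pathlib import Path

# Assumption: after the documented sk_live_ prefix the key body is at least 20
# URL-safe characters; the page does not state the encoding or length.
KEY_RE = re.compile(r"(?<![A-Za-z0-9_])sk_live_[A-Za-z0-9_-]{20,}")

def redact(key):
    """Keep the prefix plus 4 characters so a finding can be logged safely."""
    return f"{key[:12]}...({len(key)} chars)"

def scan_text(text, name="<input>"):
    """Return (name, line number, redacted key) for each key-shaped token."""
    return [
        (name, lineno, redact(m.group()))
        for lineno, line in enumerate(text.splitlines(), 1)
        for m in KEY_RE.finditer(line)
    ]

def scan_paths(paths):
    """Scan files, skipping anything unreadable (deleted paths, directories)."""
    findings = []
    for p in paths:
        try:
            text = Path(p).read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue
        findings.extend(scan_text(text, str(p)))
    return findings

# Constructed sample input. The key is fake and assembled at runtime so this
# file does not flag itself; SHIPI18N_API_KEY is a hypothetical variable name.
FAKE_KEY = "sk_live_" + "A1b2" * 11
SAMPLE = "\n".join([
    'api_key = os.environ["SHIPI18N_API_KEY"]  # read from the environment',
    f'api_key = "{FAKE_KEY}"  # hardcoded: must not reach the repository',
    "docs: keys look like sk_live_xxx",
])

if __name__ == "__main__":
    hits = scan_paths(sys.argv[1:]) if len(sys.argv) > 1 else scan_text(SAMPLE, "sample")
    for name, lineno, key in hits:
        print(f"{name}:{lineno}: possible API key {key}")
    sys.exit(1 if hits else 0)
```

Run it from a git pre-commit hook over the files listed by `git diff --cached --name-only`; a non-zero exit status blocks the commit.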

Have Security Questions?

If you have security concerns or need to report a vulnerability, please contact us.

team@shipi18n.com