At WaxForward, security is our top priority. We employ industry-standard practices and continuous monitoring to protect your data and ensure reliable email forwarding.
Our platform runs entirely on AWS serverless infrastructure (Lambda, API Gateway, DynamoDB). This architecture minimizes attack surface, scales automatically, and isolates each function to reduce risk.
– In Transit: All communications between your browser and our servers use TLS 1.2+ (HTTPS).
– At Rest: Any stored data (e.g., configuration, domain records) is encrypted using AES-256.
– User accounts are protected with email/password authentication and support for optional 2FA (two-factor authentication) via TOTP apps (Google Authenticator, Authy).
– Access to production systems is restricted: only authorized employees with rotating SSH keys and MFA can deploy or access logs.
We perform periodic vulnerability scans and code reviews. Dependencies are regularly audited using automated tools (e.g., npm audit) and patched within 48 hours of any critical security advisory.
All configuration data and logs are stored in replicated databases across multiple AWS Availability Zones. Daily snapshots are kept for up to 30 days to ensure recovery from accidental deletions or corruption.
– We maintain GDPR compliance (see our GDPR page). – We adhere to SOC 2 principles and are in the process of obtaining formal SOC 2 Type II certification.
Q: Do you store email content?
A: No. Email content is processed in-memory only and forwarded immediately. We do not retain any email body or attachments beyond transient storage required for forwarding.
Q: How do you protect against DDoS attacks?
A: We leverage AWS Shield and automated WAF rules to mitigate volumetric and application-layer attacks. Our serverless endpoints scale to absorb spikes in traffic.
If you discover a security vulnerability or wish to report a concern, please contact us at security@waxforward.com. Our security team will respond within 24 hours.