Security

Security at eupeak.io.

eupeak.io is built by Samarkand OÜ — a company whose core business is delivering elite cybersecurity certifications and audits. Every layer of the eupeak.io infrastructure reflects that.

Data in transit

TLS 1.3 enforced on all API and portal traffic
HSTS enforced on all eupeak.io domains
Certificate transparency monitoring active

Data at rest

AES-256 encrypted volumes on EU-region infrastructure (Frankfurt)
Row Level Security (RLS) enforced at database level
Audit log is append-only and cannot be modified post-creation

API key security

Keys stored as SHA-256 hashes — plaintext never stored
Keys displayed exactly once at creation
Instant revocation from dashboard
Rate limiting: 100 requests/minute per key

Application security

OWASP-aligned input validation on all endpoints
SQL injection prevention via parameterized queries
CORS restricted to authorized origins
HMAC-SHA256 signing on all webhook payloads

Operational security

No screening data shared across tenant accounts
Screening logs retained 24 months then purged
Sub-processor list available on request

Standards

Built to meet NIST, ISO 27001, GDPR and CSA STAR frameworks. Parent company Samarkand OÜ delivers cybersecurity certifications and audits meeting these standards.

Responsible disclosure

Found something? Tell us.

Report security vulnerabilities to security@samarkandindustries.com.

We commit to:

Acknowledge within 48 hours
Provide a resolution timeline within 10 business days
Credit researchers who report valid findings

Please do not publicly disclose vulnerabilities before we have had the opportunity to address them.