Ducto
EspañolEnglish

Security

Last updated: 2026-02-01

Responsible Entity: Ducto Labs LLC

Commitment: Protecting our users' information

1. Our Commitment

At Ducto Labs LLC we take the security of your data seriously. We implement technical and organizational measures to protect our customers' information.

2. Data Encryption

2.1. Encryption in Transit

All communication between your browser and our servers is protected by:

  • HTTPS/TLS: Secure encrypted connections for all communications.
  • SSL Certificates: Provided by Cloudflare.

2.2. Encryption at Rest

Stored data is protected using industry-standard encryption.

3. Infrastructure

3.1. Infrastructure Providers

We use reliable infrastructure services:

  • AWS: For hosting and data storage.
  • Cloudflare: For network protection and CDN.

3.2. Network Protection

  • Firewalls to protect our servers.
  • DDoS protection via Cloudflare.

4. Authentication and Access

4.1. User Authentication

  • Securely hashed passwords.
  • Sessions with automatic expiration.
  • Two-factor authentication (2FA) option.

4.2. Access Control

We implement role-based access controls (RBAC) so each user only accesses what they need.

5. Backups

  • Regular database backups.
  • Encrypted backups.
  • Backup retention for 30 days.

6. Data Deletion

When you delete your account:

  • Your data is deleted within 90 days.
  • Backups are purged according to our retention policy.

7. Development and Code

  • Code reviews before deploying changes.
  • Separation between development and production environments.
  • Regular updates to dependencies and libraries.

8. API and Programmatic Access

Our API is protected by:

  • API Key authentication.
  • Rate limiting to prevent abuse.
  • Validation of all inputs.

9. WhatsApp Business API

As a Meta solutions provider:

  • Messages maintain WhatsApp's end-to-end encryption.
  • We only process messages from users who have given consent (opt-in).

10. Reporting Issues

If you find a security issue:

  1. Send an email to [email protected].
  2. Do not publicly disclose the issue until we have resolved it.
  3. Provide enough information to reproduce the problem.

11. Contact

Security Contact

Email: [email protected]

12. Updates

This page is updated periodically. The last updated date is shown at the top of the document.

For security questions, write to us at [email protected].