Security Overview
Babelize security practices and compliance.
Babelize is built with security at every layer. This document outlines our practices for protecting your data and applications.
Security Architecture
| Layer | Protection |
|---|---|
| Network | TLS 1.3, DDoS protection via Cloudflare, WAF |
| Application | OAuth 2.0, session management, RBAC |
| Data | AES-256 encryption at rest, encrypted backups |
| Operations | 24/7 monitoring, incident response procedures |
Data Security
Encryption
| State | Method |
|---|---|
| In transit | TLS 1.3 |
| At rest | AES-256 |
| Backups | AES-256 |
See Data Encryption for details.
Your Content
- Source code is processed in memory during translation
- Translated output is stored encrypted
- We never train AI models on your content
- Data is deleted according to your plan's retention policy
Authentication
- Email OTP (passwordless)
- OAuth 2.0 (GitHub, Google)
- Secure session cookies with HttpOnly and SameSite flags
- Automatic session expiration
Access Control
Role-based access control with four levels: Owner, Admin, Editor, Viewer.
See Access Control for the full permission matrix.
Compliance
| Standard | Status |
|---|---|
| GDPR | Compliant |
| CCPA | Compliant |
| SOC 2 Type II | In progress |
Reporting Security Issues
If you discover a security issue:
- Email support@babelize.co with subject [SECURITY]
- Include a detailed description
- Provide reproduction steps if possible
- Do not publicly disclose until resolved
We acknowledge reports within 24 hours.