Security & Compliance

Security measures and compliance certifications

anonymize.today - Security Overview

Last Updated: January 24, 2026
Classification: PUBLIC

Overview

Security is fundamental to anonymize.today. We implement comprehensive security measures to protect your data and ensure the privacy of all information processed through our platform. This document provides an overview of our security practices without revealing sensitive implementation details.


Encryption

Data in Transit

  • TLS 1.3: All data transmitted between your browser and our servers uses TLS 1.3 encryption
  • HTTPS Only: All connections are encrypted and secure
  • Certificate: Let's Encrypt SSL certificate with automatic renewal
  • Security Headers: HSTS (HTTP Strict Transport Security) ensures encrypted connections

Data at Rest

  • AES-256-GCM: Industry-standard encryption for sensitive data
  • Encrypted Storage: All sensitive data stored with encryption
  • Key Management: Secure key storage and management
  • Database Encryption: Sensitive database fields encrypted

Authentication & Access Control

Authentication Methods

  • Password-Based: Strong password requirements (8+ characters, mixed case, numbers, symbols)
  • Two-Factor Authentication (2FA): Optional 2FA via authenticator app or email
  • JWT Tokens: Secure, time-limited authentication tokens
  • Session Management: Device tracking and session revocation

Password Security

  • Password Hashing: bcrypt with appropriate cost factors
  • Password History: Prevents reuse of last 3 passwords
  • Account Lockout: Automatic lockout after 5 failed login attempts (15-minute lockout with automatic unlock)
  • Password Reset: Secure token-based reset with SHA-256 hashing, 1-hour expiry

Access Control

  • Role-Based Access Control (RBAC): Admin, Editor, User roles
  • Plan-Based Feature Gating: Features accessible based on subscription plan
  • API Token Management: Secure API token generation and revocation
  • Session Validation: Middleware checks session validity on every request

Bot Protection

reCAPTCHA v3

  • Invisible Protection: Google reCAPTCHA v3 on all public forms (signup, contact, forgot password)
  • Score-Based: Intelligent risk assessment with 0.5 threshold
  • No User Friction: Completely invisible to legitimate users
  • Spam Prevention: Blocks automated bot submissions
  • Server-Side Verification: All tokens verified server-side
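The server-side verification step described above, as an added example that is not anonymize.today's code. It takes the parsed JSON body that Google's siteverify endpoint returns (the HTTPS call itself is not shown) and applies the 0.5 threshold, plus two checks the overview does not spell out but which a practitioner would want: that the token's action matches the form it was issued for and that the hostname is ours. Sample bodies are constructed; the policy object and function names are this example's own.

```javascript
// Added example (not anonymize.today's code): the server-side decision on a
// reCAPTCHA v3 siteverify response body.
const SCORE_THRESHOLD = 0.5; // threshold the overview states

function evaluateRecaptcha(verify, { expectedAction, expectedHostname, threshold = SCORE_THRESHOLD }) {
  if (!verify || verify.success !== true) {
    // 'timeout-or-duplicate' covers a token that was replayed or outlived its validity.
    return { allow: false, reason: 'verification-failed', errors: (verify && verify['error-codes']) || [] };
  }
  // v3 tokens carry the action name the page executed them with; a token minted
  // for a different form must not be accepted for this one.
  if (verify.action !== expectedAction) return { allow: false, reason: 'action-mismatch' };
  // A token solved on some other site fails the hostname check.
  if (expectedHostname && verify.hostname !== expectedHostname) {
    return { allow: false, reason: 'hostname-mismatch' };
  }
  if (typeof verify.score !== 'number' || verify.score < threshold) {
    return { allow: false, reason: 'low-score', score: verify.score };
  }
  return { allow: true, score: verify.score };
}

// Constructed sample bodies in the shape siteverify returns.
const SAMPLE_HUMAN = {
  success: true, score: 0.9, action: 'signup',
  challenge_ts: '2026-01-24T10:00:00Z', hostname: 'anonymize.today',
};
const SAMPLE_LOW_SCORE = { ...SAMPLE_HUMAN, score: 0.1 };
const SAMPLE_WRONG_ACTION = { ...SAMPLE_HUMAN, action: 'contact' };
const SAMPLE_REPLAYED = { success: false, 'error-codes': ['timeout-or-duplicate'] };

// Policy for the signup form (hypothetical values for this example).
const SIGNUP_POLICY = { expectedAction: 'signup', expectedHostname: 'anonymize.today' };
```

The score is a risk signal, not proof: a request that passes here still goes through the per-IP rate limit below, and a failing one is logged with its reason so that a sudden rise in low-score submissions is visible in monitoring.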

Rate Limiting

  • Contact Form: 5 submissions per hour per IP address
  • API Endpoints: Standard rate limits on all endpoints
  • Brute Force Protection: Account lockout after 5 failed login attempts (15-minute lockout)
  • DDoS Protection: Server-level rate limiting
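The contact-form limit (5 per hour per IP) and the brute-force lockout (5 failed logins, then a timed lockout that clears automatically, with the counter reset on success) as one added example that is not anonymize.today's code. Both are built on the same in-memory sliding-window counter; the lockout duration is a parameter because this overview gives 15 minutes while the Access Control Policy table further down gives 30 minutes. Names are this example's own, and a production deployment would keep the counters in a shared store rather than process memory.

```javascript
// Added example (not anonymize.today's code): per-IP rate limiting and
// account lockout on top of one sliding-window counter.
const MINUTE = 60 * 1000;
const HOUR = 60 * MINUTE;

// Remembers event timestamps per key and counts those inside the window.
class SlidingWindowCounter {
  constructor(windowMs) { this.windowMs = windowMs; this.events = new Map(); }
  hit(key, now) {
    const cutoff = now - this.windowMs;
    const recent = (this.events.get(key) || []).filter((t) => t > cutoff);
    recent.push(now); // rejected attempts count too, so hammering prolongs the block
    this.events.set(key, recent);
    return recent.length;
  }
  reset(key) { this.events.delete(key); }
}

// Contact form: 5 submissions per hour per IP. Returns a guard function that
// answers whether this request is allowed.
function contactFormGuard(limit = 5, windowMs = HOUR) {
  const counter = new SlidingWindowCounter(windowMs);
  return (ip, now = Date.now()) => counter.hit(ip, now) <= limit;
}

// Account lockout: maxFailures failed logins lock the account for lockoutMs,
// after which it unlocks by itself; a successful login clears the counter.
class LoginLockout {
  constructor({ maxFailures = 5, lockoutMs = 15 * MINUTE } = {}) {
    this.maxFailures = maxFailures;
    this.lockoutMs = lockoutMs;
    this.failures = new Map();
    this.lockedUntil = new Map();
  }
  isLocked(account, now = Date.now()) {
    const until = this.lockedUntil.get(account);
    if (until === undefined) return false;
    if (now >= until) { // automatic unlock: forget the lock and the old failures
      this.lockedUntil.delete(account);
      this.failures.delete(account);
      return false;
    }
    return true;
  }
  recordFailure(account, now = Date.now()) {
    if (this.isLocked(account, now)) return { locked: true, remaining: 0 };
    const n = (this.failures.get(account) || 0) + 1;
    this.failures.set(account, n);
    if (n >= this.maxFailures) {
      this.lockedUntil.set(account, now + this.lockoutMs);
      return { locked: true, remaining: 0 };
    }
    return { locked: false, remaining: this.maxFailures - n };
  }
  recordSuccess(account) {
    this.failures.delete(account);
    this.lockedUntil.delete(account);
  }
}
```

A lockout keyed only by account lets anyone who knows a username lock its owner out by sending five bad passwords, so the account lockout is normally paired with the per-IP limiter above and the failures are logged with both keys for investigation.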

Compliance & Certifications

ISO 27001:2022

  • Compliance Status: 86% implemented
  • Information Security Management System (ISMS): Comprehensive security framework
  • Regular Audits: Ongoing security assessments and improvements
  • Documentation: Complete security policies and procedures

GDPR Compliance

  • Data Protection: Comprehensive data protection measures
  • Data Subject Rights: Access, erasure, portability, and rectification
  • Data Processing Agreements: Compliant data processing
  • Breach Notification: Procedures for data breach notification
  • Data Export: Self-service data export (GDPR Article 20)

Other Standards

  • OWASP Top 10: Protection against common web vulnerabilities
  • SOC 2 Type II Principles: Security, availability, and confidentiality principles

Data Protection Measures

Data Processing

  • No Data Storage: Your text is processed in real-time and not stored
  • Metadata Only: Only usage statistics and token transactions are stored
  • Anonymization: All PII is anonymized according to your specifications
  • Secure Processing: All processing occurs in secure, isolated environments

Data Retention

  • Minimal Retention: Only necessary metadata retained
  • User Data: Retained per your account lifecycle
  • Audit Logs: Retained for compliance and security purposes
  • Deletion: Data deletion upon account closure (subject to legal requirements)

Data Sharing

  • No Third-Party Sharing: We do not share your data with third parties
  • Service Providers: Only essential service providers with strict data protection agreements
  • Legal Requirements: Data sharing only when legally required

Security Headers

We implement comprehensive security headers:

  • Strict-Transport-Security (HSTS): Forces HTTPS connections
  • Content-Security-Policy (CSP): Prevents XSS attacks
  • X-Frame-Options: Prevents clickjacking
  • X-Content-Type-Options: Prevents MIME-type sniffing
  • X-XSS-Protection: Additional XSS protection
  • Referrer-Policy: Controls referrer information
  • Permissions-Policy: Controls browser features
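The header set above as a concrete response-header map, together with an audit function that reports missing or weak values, as an added example that is not anonymize.today's code. The header values are chosen here, not taken from the site; the audit is the kind of check a deployment test runs against a real response. One caveat on the list above: current browsers no longer ship the XSS auditor that X-XSS-Protection controlled, so the example sets it to 0 and relies on the CSP for script control.

```javascript
// Added example (not anonymize.today's code): a security-header set and an
// audit of a header map such as the one Node's res.getHeaders() returns.
const ONE_YEAR_S = 31536000;

const SECURITY_HEADERS = {
  'Strict-Transport-Security': `max-age=${ONE_YEAR_S}; includeSubDomains`,
  'Content-Security-Policy':
    "default-src 'self'; script-src 'self'; object-src 'none'; frame-ancestors 'none'",
  'X-Frame-Options': 'DENY',
  'X-Content-Type-Options': 'nosniff',
  // Modern browsers no longer ship the XSS auditor; '0' disables it explicitly.
  'X-XSS-Protection': '0',
  'Referrer-Policy': 'strict-origin-when-cross-origin',
  'Permissions-Policy': 'camera=(), microphone=(), geolocation=()',
};

// Returns a list of finding codes; an empty list means the policy is satisfied.
function auditSecurityHeaders(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);
  const findings = [];

  const hsts = h['strict-transport-security'];
  if (!hsts) findings.push('hsts-missing');
  else {
    const m = /max-age=(\d+)/i.exec(hsts);
    if (!m || Number(m[1]) < ONE_YEAR_S) findings.push('hsts-max-age-short');
    if (!/includesubdomains/i.test(hsts)) findings.push('hsts-no-subdomains');
  }

  const csp = h['content-security-policy'];
  if (!csp) findings.push('csp-missing');
  else {
    // script-src falls back to default-src; check whichever governs scripts.
    const scriptSrc = /script-src[^;]*/i.exec(csp) || /default-src[^;]*/i.exec(csp);
    if (!scriptSrc) findings.push('csp-no-script-source');
    else if (/'unsafe-inline'|\*/.test(scriptSrc[0])) findings.push('csp-scripts-too-permissive');
    // Framing must be restricted by frame-ancestors or, for older browsers, X-Frame-Options.
    if (!/frame-ancestors/i.test(csp) && !h['x-frame-options']) findings.push('clickjacking-unprotected');
  }

  const xfo = h['x-frame-options'];
  if (xfo && !/^(DENY|SAMEORIGIN)$/i.test(xfo.trim())) findings.push('x-frame-options-invalid');
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff') findings.push('nosniff-missing');
  if (!h['referrer-policy']) findings.push('referrer-policy-missing');
  if (!h['permissions-policy']) findings.push('permissions-policy-missing');
  return findings;
}

// Constructed weak header set, as a server might send before hardening.
const WEAK_HEADERS = {
  'strict-transport-security': 'max-age=300',
  'content-security-policy': "default-src *; script-src 'self' 'unsafe-inline'",
  'x-content-type-options': 'nosniff',
};
```

Running the audit against every route in a deployment check catches the common regression where one handler sets its own headers and silently drops the global ones.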

Audit Logging

Comprehensive Logging

  • All Operations: All security-relevant operations logged
  • Authentication Events: Login attempts, password changes, 2FA changes
  • Access Events: API access, feature usage
  • Payment Events: All payment transactions logged
  • Admin Actions: All administrative actions logged

Log Retention

  • Compliance: Logs retained per compliance requirements
  • Security: Security logs retained for incident investigation
  • Access: Logs accessible only to authorized personnel

Centralized Logging Infrastructure

  • Winston Logger: Structured logging with JSON format and configurable log levels
  • Request Tracing: Unique request IDs (X-Request-ID) for log correlation across services
  • Grafana Loki: Centralized log aggregation for unified monitoring and querying
  • Structured Metadata: User ID, component, duration tracked in all log entries
  • Environment-Based: Log levels configurable per environment (debug, info, warn, error)

Security Best Practices

For Users

  • ✅ Use strong, unique passwords
  • ✅ Enable two-factor authentication
  • ✅ Regularly review active sessions
  • ✅ Use secure networks when accessing the platform
  • ✅ Report suspicious activity immediately

Platform Practices

  • ✅ Regular security updates and patches
  • ✅ Vulnerability scanning and assessment
  • ✅ Penetration testing
  • ✅ Security awareness training
  • ✅ Incident response procedures

Incident Response

Response Procedures

  • Detection: Automated monitoring and alerting
  • Response Time: Target response within 24 hours
  • Communication: Transparent communication with affected users
  • Remediation: Swift remediation of security issues
  • Post-Incident: Comprehensive post-incident review

Reporting Security Issues

If you discover a security vulnerability:

  1. Do not disclose publicly
  2. Contact us immediately with details
  3. We will investigate and respond promptly
  4. Responsible disclosure is appreciated

Security Updates

We continuously improve our security posture:

  • Regular Updates: Security updates applied promptly
  • Vulnerability Management: Proactive vulnerability scanning and patching
  • Security Reviews: Regular security architecture reviews
  • Compliance Audits: Ongoing compliance assessments

Privacy Commitments

Your Privacy

  • Data Minimization: We collect only necessary data
  • Purpose Limitation: Data used only for stated purposes
  • Transparency: Clear privacy policies and practices
  • User Control: You control your data and can export or delete it

Our Commitments

  • No Data Selling: We never sell your data
  • No Unauthorized Access: Strict access controls
  • Confidentiality: All data treated as confidential
  • Compliance: Full compliance with applicable privacy laws

Additional Resources


Last Updated: January 24, 2026

Note: This document provides a public overview of security measures. For detailed technical security documentation, see internal security documentation (available to authorized personnel only).

Compliance Overview

Last Updated: January 24, 2026
Classification: PUBLIC

Overview

anonymize.today is committed to maintaining the highest standards of security and compliance. This document provides an overview of our compliance certifications, data protection measures, and privacy commitments.


Compliance Certifications

ISO 27001:2022

Status: 86% Implemented

anonymize.today follows ISO 27001:2022 standards for Information Security Management Systems (ISMS). Our implementation includes:

  • Information Security Policy: Comprehensive security policy framework
  • Access Control Policy: Role-based access control and authentication
  • Incident Response Plan: Procedures for security incident handling
  • Risk Assessment: Regular security risk assessments
  • Statement of Applicability: Control implementation status

Documentation:


GDPR Compliance

Status: Fully Compliant

anonymize.today is designed to help organizations comply with the General Data Protection Regulation (GDPR). Our platform implements:

  • Data Protection by Design: Built-in privacy protection measures
  • Data Subject Rights: Access, erasure, portability, and rectification
  • Data Processing Agreements: Compliant data processing
  • Breach Notification: Procedures for data breach notification
  • Data Export: Self-service data export (GDPR Article 20)

Key Features:

  • Real-time processing (no data storage)
  • User data export functionality
  • Comprehensive audit logging
  • Secure data processing

See GDPR Compliance for detailed information.


Data Protection Measures

Encryption

  • Data in Transit: TLS 1.3 encryption for all connections
  • Data at Rest: AES-256-GCM encryption for sensitive data
  • Key Management: Secure key storage and management

Access Control

  • Authentication: Multi-factor authentication (2FA) support
  • Authorization: Role-based access control (Admin, Editor, User)
  • Session Management: Device tracking and session revocation
  • Password Security: Strong password requirements and history

Data Processing

  • No Data Storage: Text is processed in real-time and not stored
  • Metadata Only: Only usage statistics and token transactions are stored
  • Secure Processing: All processing occurs in secure, isolated environments

Privacy Commitments

Your Privacy

  • Data Minimization: We collect only necessary data
  • Purpose Limitation: Data used only for stated purposes
  • Transparency: Clear privacy policies and practices
  • User Control: You control your data and can export or delete it

Our Commitments

  • No Data Selling: We never sell your data
  • No Unauthorized Access: Strict access controls
  • Confidentiality: All data treated as confidential
  • Compliance: Full compliance with applicable privacy laws

Audit Capabilities

Comprehensive Logging

  • All Operations: All security-relevant operations logged
  • Authentication Events: Login attempts, password changes, 2FA changes
  • Access Events: API access, feature usage
  • Payment Events: All payment transactions logged
  • Admin Actions: All administrative actions logged

Log Retention

  • Compliance: Logs retained per compliance requirements
  • Security: Security logs retained for incident investigation
  • Access: Logs accessible only to authorized personnel

Compliance Status Dashboard

Current Status

Standard       | Status      | Implementation
ISO 27001:2022 | In Progress | 86%
GDPR           | Compliant   | 100%
OWASP Top 10   | Compliant   | 100%
SOC 2 Type II  | In Progress | 75%

Ongoing Improvements

  • Regular security assessments
  • Continuous compliance monitoring
  • Security updates and patches
  • Staff training and awareness

Additional Resources


Last Updated: January 24, 2026

GDPR Compliance

Last Updated: January 24, 2026
Classification: PUBLIC

Overview

anonymize.today is designed to help organizations comply with the General Data Protection Regulation (GDPR). This document outlines our GDPR compliance measures and how the platform supports your GDPR obligations.


GDPR Principles Implemented

1. Lawfulness, Fairness, and Transparency

  • Clear Purpose: Platform purpose clearly stated
  • Transparent Processing: Users understand how their data is processed
  • Legal Basis: Processing based on legitimate interests and user consent

2. Purpose Limitation

  • Specific Purpose: Data collected only for platform operation
  • No Secondary Use: Data not used for purposes other than stated
  • Clear Scope: Processing scope clearly defined

3. Data Minimization

  • Minimal Collection: Only necessary data collected
  • No Text Storage: User text processed in real-time, not stored
  • Metadata Only: Only usage statistics and token transactions stored

4. Accuracy

  • User Control: Users can update their data
  • Data Correction: Profile information can be corrected
  • Verification: Email verification ensures accuracy

5. Storage Limitation

  • No Text Storage: User text not stored
  • Retention Policy: Metadata retained per account lifecycle
  • Deletion: Data deletion upon account closure

6. Integrity and Confidentiality

  • Encryption: AES-256-GCM (at rest), TLS 1.3 (in transit)
  • Access Control: Role-based access control
  • Security Measures: Comprehensive security implementation

7. Accountability

  • Documentation: Complete security and compliance documentation
  • Audit Logging: Comprehensive audit trails
  • Compliance Monitoring: Regular compliance assessments

Data Subject Rights

Right of Access (Article 15)

How to Exercise:

  1. Go to Settings → Account tab
  2. Click "Download My Data"
  3. Receive JSON export of all personal data

What's Included:

  • Profile information
  • Custom entities
  • Presets
  • Usage history
  • Token ledger
  • Subscriptions
  • Payment history

Rate Limit: 1 export per hour

Right to Rectification (Article 16)

How to Exercise:

  • Update profile information in Settings → Account
  • Change email address in Settings → Account
  • Update custom entities and presets

Right to Erasure (Article 17)

How to Exercise:

  • Contact support to request account deletion
  • All personal data will be deleted (subject to legal requirements)
  • Deletion processed in accordance with GDPR requirements

Right to Data Portability (Article 20)

How to Exercise:

  • Use "Download My Data" feature in Settings → Account
  • Receive machine-readable JSON format
  • Export includes all personal data

Right to Object (Article 21)

How to Exercise:

  • Contact support to object to specific processing
  • We'll review and respond to objections

Rights Related to Automated Decision-Making (Article 22)

Status: anonymize.today does not use automated decision-making that produces legal effects or significantly affects individuals.


Data Processing Agreements

Controller-Processor Relationships

  • We are a Processor: When processing your text data
  • You are the Controller: You determine the purposes and means of processing
  • No Data Sharing: We do not share your data with third parties

Processing Activities

  • Purpose: PII detection and anonymization
  • Legal Basis: Legitimate interests (service provision)
  • Data Categories: Text content (processed, not stored)
  • Data Subjects: Your users/customers whose data you process

Data Retention Policies

User Account Data

  • Retention: Retained while account is active
  • Deletion: Deleted upon account closure (subject to legal requirements)
  • Backup: Backups retained per backup retention policy

Processing Data

  • Text Content: Not stored (processed in real-time)
  • Metadata: Usage statistics and token transactions
  • Retention: Per account lifecycle

Audit Logs

  • Retention: Per compliance requirements
  • Access: Authorized personnel only
  • Purpose: Security and compliance

Breach Notification Procedures

Our Commitment

  • Detection: Automated monitoring and alerting
  • Response Time: Target response within 24 hours
  • Notification: Transparent communication with affected users
  • Remediation: Swift remediation of security issues

Breach Notification

If a data breach occurs:

  1. Immediate Assessment: Assess scope and impact
  2. Containment: Contain the breach immediately
  3. Notification: Notify affected users within 72 hours (if required)
  4. Remediation: Remediate security issues
  5. Post-Incident Review: Comprehensive post-incident review

International Data Transfers

Data Location

  • Processing: Data processed on servers in EU/EEA
  • Storage: Metadata stored in EU/EEA
  • Transfers: No international transfers of personal data

Adequacy Decisions

  • EU Adequacy: Processing in EU/EEA ensures adequacy
  • Standard Contractual Clauses: Not applicable (no transfers)

Privacy by Design and Default

Design Principles

  • Data Minimization: Minimal data collection
  • No Text Storage: Real-time processing only
  • Encryption: Encryption by default
  • Access Control: Least privilege access

Default Settings

  • Privacy-First: Privacy-protective defaults
  • User Control: Users control their data
  • Transparency: Clear privacy practices

Data Protection Impact Assessments (DPIAs)

When Required

  • New Features: DPIAs for new features processing personal data
  • Significant Changes: DPIAs for significant processing changes
  • High-Risk Processing: DPIAs for high-risk processing activities

Our Approach

  • Proactive Assessment: Assess privacy impact before implementation
  • Documentation: Document DPIA findings
  • Mitigation: Implement privacy mitigations

Additional Resources


Last Updated: January 24, 2026

Two-Factor Authentication (2FA) Guide

Last Updated: January 24, 2026
Classification: PUBLIC

What is Two-Factor Authentication?

Two-Factor Authentication (2FA) adds an extra layer of security to your account. When enabled, you'll need to provide two things to sign in:

  1. Something you know - Your password
  2. Something you have - A verification code from your authenticator app or email

This means even if someone discovers your password, they still can't access your account without the second factor.


Setting Up 2FA

Step 1: Access Security Settings

  1. Sign in to your account at anonymize.today
  2. Click on Settings in the navigation menu
  3. Go to the Security tab

Step 2: Choose Your 2FA Method

You can enable one or both of these methods:

Option A: Authenticator App

An authenticator app generates time-based codes that change every 30 seconds. This is the most secure option.

Supported Apps:

  • Google Authenticator (iOS/Android)
  • Microsoft Authenticator (iOS/Android)
  • Authy (iOS/Android/Desktop)
  • 1Password
  • Any TOTP-compatible authenticator

Setup Process:

  1. Click Set up Authenticator App
  2. A QR code will appear on screen
  3. Open your authenticator app and scan the QR code
  4. Enter the 6-digit code from your app to verify
  5. Important: Save your backup codes in a secure location!

Option B: Email Verification

Email verification sends a 6-digit code to your registered email address.

Setup Process:

  1. Click Enable Email 2FA
  2. A verification code will be sent to your email
  3. Enter the code to confirm
  4. Email 2FA is now active

Step 3: Save Your Backup Codes

When you first enable 2FA, you'll receive backup codes. These are one-time use codes that let you access your account if you lose access to your authenticator app or email.

⚠️ IMPORTANT:

  • Each backup code can only be used once
  • Store them in a secure location (password manager, safe, etc.)
  • Don't share them with anyone
  • You can regenerate new codes from Security Settings if needed

Signing In with 2FA

Using Your Authenticator App

  1. Enter your email and password on the sign-in page
  2. When prompted for 2FA, open your authenticator app
  3. Enter the 6-digit code shown in the app
  4. Click Verify & Sign In

💡 Tip: Authenticator codes change every 30 seconds. If a code doesn't work, wait for the next one.

Using Email Verification

  1. Enter your email and password on the sign-in page
  2. When prompted for 2FA, click Send code via email
  3. Check your inbox for the verification email
  4. Enter the 6-digit code from the email
  5. Click Verify & Sign In

💡 Tip: Email codes are valid for 10 minutes. Check your spam folder if you don't see the email.

Using a Backup Code

If you can't access your authenticator app or email:

  1. Enter your email and password on the sign-in page
  2. When prompted for 2FA, enter one of your backup codes
  3. Click Verify & Sign In

⚠️ Remember: Each backup code can only be used once. After using a backup code, consider regenerating new ones from Security Settings.


Managing Your 2FA Settings

Viewing Your Current Setup

Go to Settings → Security to see:

  • Which 2FA methods are currently enabled
  • Your default 2FA method for sign-in
  • Number of remaining backup codes

Changing Your Default Method

If you have both authenticator and email enabled:

  1. Go to Settings → Security
  2. Find the Default Method section
  3. Select your preferred method
  4. Click Save Changes

Disabling a 2FA Method

  1. Go to Settings → Security
  2. Find the method you want to disable
  3. Toggle it off or click Disable
  4. Confirm with your password if prompted

⚠️ Warning: If you disable all 2FA methods, your account will only be protected by your password.

Regenerating Backup Codes

If you've used some backup codes or suspect they've been compromised:

  1. Go to Settings → Security
  2. Click Regenerate Backup Codes
  3. Enter a verification code to confirm
  4. Save the new codes securely
  5. Old codes will no longer work

Troubleshooting

"Invalid verification code" Error

For Authenticator App:

  • Make sure the time on your phone is correct (sync with network time)
  • Wait for a new code if the current one is about to expire
  • Ensure you're using the code for the correct account

For Email Codes:

  • Codes expire after 10 minutes - request a new one
  • Check your spam/junk folder
  • Make sure you're entering the most recent code

Can't Access Authenticator App

  1. Try signing in with a backup code
  2. Once signed in, go to Security Settings
  3. Disable the old authenticator setup
  4. Set up a new authenticator app

Not Receiving Email Codes

  1. Check your spam/junk folder
  2. Verify your email address is correct in your profile
  3. Wait a few minutes and try again
  4. Contact support if the issue persists

Lost All Access Methods

If you've lost access to:

  • Your authenticator app
  • Your email
  • All backup codes

Please contact support at [email protected] with:

  • Your account email address
  • Proof of identity
  • Reason for the request

Security Best Practices

DO ✅

  • Use an authenticator app as your primary method
  • Keep backup codes in a secure location
  • Use a unique, strong password for your account
  • Keep your authenticator app updated
  • Periodically check your security settings

DON'T ❌

  • Share your backup codes with anyone
  • Store backup codes in an easily accessible location
  • Use the same password as other websites
  • Ignore suspicious sign-in attempts
  • Disable 2FA without a good reason

Frequently Asked Questions

Q: Can I use 2FA on multiple devices?
A: Yes! Most authenticator apps allow you to sync across devices, or you can set up the same account on multiple apps by scanning the QR code on each device during setup.

Q: What happens if I get a new phone?
A: Before switching phones, either:

  • Transfer your authenticator app data to the new phone
  • Use backup codes to sign in and set up 2FA again
  • Disable 2FA, switch phones, then re-enable it

Q: Is email 2FA as secure as an authenticator app?
A: Authenticator apps are generally more secure because:

  • Codes are generated offline
  • No network interception risk
  • Codes change every 30 seconds

Email is still a good option and much better than no 2FA at all.

Q: How many backup codes do I get?
A: You receive 10 backup codes when you first enable 2FA. Each can only be used once.

Q: Can I see which backup codes I've used?
A: For security reasons, you can only see how many backup codes remain, not which specific codes have been used.


Need Help?

If you're having trouble with 2FA:

Information Security Policy

Document ID: ISMS-POL-001
Version: 1.0
Effective Date: December 29, 2025
Review Date: December 29, 2026
Classification: Internal

1. Purpose

This Information Security Policy establishes the framework for protecting the confidentiality, integrity, and availability of information assets at anonymize.today. It defines the security requirements and responsibilities for all personnel, systems, and processes involved in the operation of the PII anonymization platform.

2. Scope

This policy applies to:

  • All employees, contractors, and third parties with access to anonymize.today systems
  • All information assets including customer data, system configurations, and intellectual property
  • All systems, networks, and applications that process, store, or transmit information
  • All physical and virtual environments hosting the platform

3. Policy Statement

anonymize.today is committed to:

  • Protecting customer data and ensuring privacy in PII processing
  • Maintaining the confidentiality, integrity, and availability of information assets
  • Complying with applicable laws, regulations, and contractual requirements
  • Continuously improving the Information Security Management System (ISMS)

4. Information Security Objectives

  1. Data Protection: Ensure all PII processed through the platform is protected using industry-standard encryption (AES-256-GCM)
  2. Access Control: Implement role-based access control (RBAC) and plan-based feature gating
  3. Availability: Maintain 99.9% uptime for production services
  4. Incident Response: Detect and respond to security incidents within 24 hours
  5. Compliance: Maintain compliance with GDPR and relevant data protection regulations

5. Roles and Responsibilities

5.1 Management

  • Approve and support the ISMS
  • Allocate resources for security initiatives
  • Review security performance quarterly

5.2 System Administrators

  • Implement and maintain security controls
  • Monitor systems for security events
  • Apply security patches within defined timeframes

5.3 Developers

  • Follow secure coding practices
  • Conduct code reviews for security vulnerabilities
  • Implement security requirements in applications

5.4 Users

  • Comply with security policies and procedures
  • Report security incidents promptly
  • Protect authentication credentials

6. Security Controls

6.1 Technical Controls

  • Encryption at rest and in transit (TLS 1.2+, AES-256-GCM)
  • Multi-factor authentication (2FA) support
  • Account lockout after failed login attempts
  • Password complexity requirements (8+ characters, mixed case, numbers, symbols)
  • JWT-based session management
  • Role-based access control (Admin, Editor, User)
  • Plan-based feature gating (Free, Basic, Pro, Business)

6.2 Administrative Controls

  • Security awareness training
  • Access provisioning and deprovisioning procedures
  • Change management process
  • Incident response procedures

6.3 Physical Controls

  • Data center security (Hetzner certified facilities)
  • Network segmentation
  • Firewall and intrusion detection

7. Acceptable Use

7.1 Permitted Use

  • Processing PII for legitimate anonymization purposes
  • Using system features according to subscription plan
  • Accessing data necessary for job functions

7.2 Prohibited Use

  • Attempting to bypass security controls
  • Sharing authentication credentials
  • Processing illegal content
  • Unauthorized data exfiltration

8. Data Classification

Classification | Description                      | Examples
Confidential   | Sensitive customer/business data | PII, encryption keys, API tokens
Internal       | Internal operational data        | Logs, configurations, code
Public         | Publicly available information   | Marketing materials, documentation

9. Compliance

This policy supports compliance with:

  • General Data Protection Regulation (GDPR)
  • ISO/IEC 27001:2022
  • SOC 2 Type II principles

10. Policy Review

This policy shall be reviewed:

  • Annually, or
  • Following significant security incidents, or
  • When there are major changes to the business or technology environment

11. Enforcement

Violations of this policy may result in:

  • Disciplinary action up to and including termination
  • Termination of contractor agreements
  • Legal action where appropriate

12. Document Control

Version | Date       | Author        | Changes
1.0     | 2025-12-29 | Security Team | Initial release

Access Control Policy

Document ID: ISMS-POL-002
Version: 1.1
Effective Date: December 30, 2025
Review Date: December 30, 2026
Classification: Internal
Last Updated: v4.2.0 - Admin Plan Management

1. Purpose

This policy establishes the requirements for controlling access to anonymize.today systems, applications, and data. It ensures that access is granted based on business need and principle of least privilege.

2. Scope

This policy covers:

  • User account management
  • Authentication mechanisms
  • Authorization and role-based access
  • Plan-based feature access
  • API access controls
  • Administrative access

3. User Account Management

3.1 Account Creation

  • Accounts created via self-registration with email verification
  • Email verification required before account activation
  • Unique email address required per account

3.2 Account Types

Account Type  | Description                | Default Role | Default Plan
Standard User | Self-registered customer   | User         | Free
Paid User     | Customer with subscription | Editor       | Basic/Pro/Business
Administrator | Platform administrator     | Admin        | Pro

3.3 Account Deactivation

  • Accounts deactivated after 12 months of inactivity
  • Immediate deactivation upon request
  • Data retention per privacy policy

4. Authentication

4.1 Password Requirements

Requirement        | Value
Minimum Length     | 8 characters
Uppercase Letters  | At least 1
Lowercase Letters  | At least 1
Numbers            | At least 1
Special Characters | At least 1
Password History   | N/A (not enforced)
Maximum Age        | N/A (no forced rotation)

4.2 Account Lockout

Parameter                      | Value
Failed Attempts Before Lockout | 5
Lockout Duration               | 30 minutes
Reset on Success               | Yes

4.3 Multi-Factor Authentication (2FA)

  • Optional for all users
  • Supported methods: TOTP (Authenticator app), Email
  • Required for Admin accounts (recommended)

4.4 Session Management

  • JWT-based sessions
  • Session duration: 30 days
  • Secure, HttpOnly cookies
  • Session invalidation on password change

5. Role-Based Access Control (RBAC)

5.1 Defined Roles (v4.0 - Simplified)

Role   | Description                                      | Automatic Assignment
Admin  | Full system access, user management, test runner | Manual only
Editor | Create, edit, share content publicly             | Basic/Pro plans
User   | Create personal content only (private)           | Free plan

Note: Legacy roles (Viewer, GlobalViewer, PresetEditor) were removed in v3.13.0 and migrated to the simplified role system.

5.2 Role Permissions Matrix

Permission | Admin | Editor | User
canManageUsers
canEditSettings
canViewSettings
canEditDefaultPresets
canEditDefaultEntities
canSharePresets
canShareEntities
canCreatePresets
canEditOwnPresets
canCreateEntities
canEditOwnEntities
canUseServices

Admin User Management (v4.2.0+):

  • When an admin changes a user's plan, the system automatically:
    • Cancels any active external subscriptions (PayPal/Stripe)
    • Updates the user's token wallet to the new plan's allocation
    • Resets the token cycle dates
    • Creates comprehensive audit log entries
  • This ensures billing consistency and prevents users from being charged for plans they're not using
  • All operations are performed atomically within database transactions
  • See docs/ADMIN_PLAN_MANAGEMENT.md for detailed procedures

5.3 Role Assignment Rules

  • Roles automatically assigned based on subscription plan
  • Admin role never automatically downgraded
  • Role changes logged to audit trail

6. Plan-Based Feature Access

6.1 Feature Matrix

Feature | Free | Basic | Pro | Business
analyzer
anonymizer
batch
deanonymize
personalPresets
personalEntities
publicPresets
publicEntities
countryEntities
analysisConfig
apiAccess
masking
topUps
aiEntityCreation
encryption
hashingVariants

6.2 Token Limits

Plan | Tokens per Cycle | Cycle Days | Max Batch Size
Free | 300 | 30 | N/A
Basic | 500 | 31 | 100
Pro | 2,000 | 31 | 500
Business | 10,000 | 31 | 5,000
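The admin plan-change steps (5.2), the role assignment rules (5.3) and the token limits (6.2) above, combined into one pure function as an added example; this is not anonymize.today's own lib/roles.ts or lib/plan-features.ts. The result is what a caller would persist, together with the audit entries, in a single database transaction. It assumes the Business plan maps to the Editor role like Basic/Pro (the page lists only Basic/Pro).

```typescript
// Added example, not the project's code. Models sections 5.2, 5.3 and 6.2.
type Role = "Admin" | "Editor" | "User";
type Plan = "Free" | "Basic" | "Pro" | "Business";

interface PlanLimits { tokensPerCycle: number; cycleDays: number; maxBatchSize: number | null }

// Section 6.2, Token Limits (N/A batch size for Free modelled as null).
const PLAN_LIMITS: Record<Plan, PlanLimits> = {
  Free:     { tokensPerCycle: 300,   cycleDays: 30, maxBatchSize: null },
  Basic:    { tokensPerCycle: 500,   cycleDays: 31, maxBatchSize: 100 },
  Pro:      { tokensPerCycle: 2000,  cycleDays: 31, maxBatchSize: 500 },
  Business: { tokensPerCycle: 10000, cycleDays: 31, maxBatchSize: 5000 },
};

// Section 5.1, "Automatic Assignment" column. Business -> Editor is an assumption.
const PLAN_ROLE: Record<Plan, Role> = { Free: "User", Basic: "Editor", Pro: "Editor", Business: "Editor" };

interface UserAccount {
  id: string;
  role: Role;
  plan: Plan;
  walletTokens: number;
  cycleStart: Date;
  cycleEnd: Date;
  externalSubscriptionId: string | null; // PayPal/Stripe subscription, if any
}

interface AuditEntry { event: string; userId: string; actorId: string; detail: string; at: string }

interface PlanChangeResult {
  user: UserAccount;
  cancelSubscriptionId: string | null; // external subscription the caller must cancel
  audit: AuditEntry[];
}

// Rule 5.3: roles follow the plan, but an Admin is never downgraded automatically.
function roleForPlan(currentRole: Role, plan: Plan): Role {
  return currentRole === "Admin" ? "Admin" : PLAN_ROLE[plan];
}

// Section 6.2: batch requests are capped per plan; the Free plan has no batch feature.
function batchAllowed(plan: Plan, items: number): boolean {
  const max = PLAN_LIMITS[plan].maxBatchSize;
  return max !== null && items <= max;
}

function adminChangePlan(user: UserAccount, newPlan: Plan, adminId: string, now: Date): PlanChangeResult {
  const limits = PLAN_LIMITS[newPlan];
  const at = now.toISOString();
  const audit: AuditEntry[] = [];
  const log = (event: string, detail: string): void => {
    audit.push({ event, userId: user.id, actorId: adminId, detail, at });
  };

  // 1. Any active external subscription is cancelled so the user is not billed for the old plan.
  const cancelSubscriptionId = user.externalSubscriptionId;
  if (cancelSubscriptionId) log("subscription.cancel", `cancelled ${cancelSubscriptionId}`);

  // 2. Wallet set to the new plan's allocation; 3. cycle dates reset from "now".
  const cycleEnd = new Date(now.getTime() + limits.cycleDays * 86400000);
  log("plan.change", `${user.plan} -> ${newPlan}, wallet ${user.walletTokens} -> ${limits.tokensPerCycle}`);

  // Role re-derived from the plan (5.3), with its own audit entry only when it changes.
  const role = roleForPlan(user.role, newPlan);
  if (role !== user.role) log("role.change", `${user.role} -> ${role}`);

  return {
    user: { ...user, plan: newPlan, role, walletTokens: limits.tokensPerCycle,
            cycleStart: now, cycleEnd, externalSubscriptionId: null },
    cancelSubscriptionId,
    audit,
  };
}
```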

7. API Access Control

7.1 API Authentication

  • Bearer token authentication
  • JWT tokens with user context
  • Token expiration enforced

7.2 API Rate Limiting

  • Per-user rate limits based on plan
  • Endpoint-specific rate limits
  • 429 response on limit exceeded

7.3 API Feature Access

  • API access requires Basic plan or higher
  • Feature checks enforced at API level
  • Unauthorized access returns 403

8. Administrative Access

8.1 Server Access

  • SSH key authentication only (no password)
  • fail2ban protection against brute force
  • Access limited to authorized administrators

8.2 Database Access

  • No direct database access from internet
  • Access via application layer only
  • Parameterized queries (Prisma ORM)

8.3 Admin Panel Access

  • Admin role required
  • Session-based authentication
  • Audit logging of admin actions

9. Access Reviews

9.1 User Access Review

  • Quarterly review of user accounts
  • Removal of inactive accounts
  • Verification of role assignments

9.2 Administrative Access Review

  • Monthly review of admin accounts
  • Verification of SSH key validity
  • Review of admin action logs

10. Audit Logging

10.1 Logged Events

  • User authentication (success/failure)
  • Role changes
  • Permission changes
  • Admin actions
  • API access

10.2 Log Retention

  • Authentication logs: 90 days
  • Admin action logs: 1 year
  • Security event logs: 1 year

11. Document Control

Version | Date | Author | Changes
1.0 | 2025-12-29 | Security Team | Initial release
1.1 | 2025-12-29 | Security Team | Updated for v4.0 role simplification

Incident Response Plan

Document ID: ISMS-POL-003
Version: 1.0
Effective Date: December 29, 2025
Review Date: December 29, 2026
Classification: Internal

1. Purpose

This Incident Response Plan establishes procedures for detecting, responding to, and recovering from information security incidents affecting anonymize.today systems and data.

2. Scope

This plan covers:

  • Security incidents affecting the anonymize.today platform
  • Data breaches involving customer PII
  • System compromises and unauthorized access
  • Service disruptions affecting availability
  • Malware and ransomware incidents

3. Incident Classification

3.1 Severity Levels

Level | Name | Description | Response Time
P1 | Critical | Data breach, system compromise, complete outage | Immediate (< 1 hour)
P2 | High | Partial service disruption, suspected breach | < 4 hours
P3 | Medium | Minor service degradation, security anomaly | < 24 hours
P4 | Low | Security policy violation, minor issue | < 72 hours

3.2 Incident Categories

Category | Examples
Data Breach | Unauthorized access to customer PII, data exfiltration
System Compromise | Malware infection, unauthorized system access
Denial of Service | DDoS attack, resource exhaustion
Account Compromise | Unauthorized account access, credential theft
Vulnerability Exploitation | Zero-day exploit, known vulnerability attack

4. Incident Response Team

4.1 Roles and Responsibilities

Role | Responsibilities
Incident Commander | Overall incident coordination, decision making
Technical Lead | Technical investigation and remediation
Communications Lead | Internal/external communications
Legal/Compliance | Regulatory notification, legal guidance

4.2 Contact Information

Incident response contacts maintained in secure internal documentation.

5. Incident Response Phases

5.1 Phase 1: Detection and Identification

Objectives:

  • Detect security events through monitoring
  • Identify and classify incidents
  • Initial assessment of impact

Activities:

  1. Monitor alerts from:

    • System logs (journalctl)
    • Application logs
    • Security monitoring (fail2ban)
    • Uptime monitoring
    • Error tracking (Sentry)
  2. Initial triage:

    • Verify incident is genuine
    • Classify severity level
    • Document initial findings
  3. Notification:

    • Alert incident response team
    • Escalate based on severity

5.2 Phase 2: Containment

Objectives:

  • Limit incident impact
  • Preserve evidence
  • Prevent further damage

Short-term Containment:

  • Block malicious IP addresses (UFW/fail2ban)
  • Disable compromised accounts
  • Isolate affected systems
  • Revoke compromised credentials

Long-term Containment:

  • Apply temporary patches
  • Implement additional monitoring
  • Prepare for recovery

5.3 Phase 3: Eradication

Objectives:

  • Remove threat from environment
  • Address root cause
  • Verify threat elimination

Activities:

  1. Remove malware/unauthorized access
  2. Patch vulnerabilities
  3. Reset compromised credentials
  4. Update security configurations
  5. Verify system integrity

5.4 Phase 4: Recovery

Objectives:

  • Restore normal operations
  • Verify system security
  • Monitor for recurrence

Activities:

  1. Restore from clean backups (Hetzner snapshots)
  2. Rebuild affected systems
  3. Validate system functionality
  4. Implement enhanced monitoring
  5. Gradual service restoration

5.5 Phase 5: Post-Incident

Objectives:

  • Document lessons learned
  • Improve security posture
  • Update procedures

Activities:

  1. Incident documentation
  2. Root cause analysis
  3. Lessons learned meeting
  4. Update security controls
  5. Update incident response procedures

6. Communication Procedures

6.1 Internal Communication

Audience | Method | Timing
Incident Response Team | Secure messaging | Immediate
Management | Email/Phone | Within 1 hour (P1/P2)
All Staff | Email | As needed

6.2 External Communication

Audience | Method | Timing
Affected Customers | Email | Within 72 hours of breach confirmation
Regulators (GDPR) | Formal notification | Within 72 hours of breach awareness
Media | Press release | As needed, via Communications Lead

6.3 Notification Template (Data Breach)

Subject: Security Notification - anonymize.today

Dear [Customer],

We are writing to inform you of a security incident affecting your account.

What happened: [Description]
When: [Date/Time]
What data was affected: [Details]
What we are doing: [Actions taken]
What you should do: [Recommendations]

We apologize for any inconvenience and are committed to protecting your data.

For questions, contact: [email protected]

7. Evidence Preservation

7.1 Evidence Collection

  • System logs
  • Network traffic captures
  • Memory dumps (if applicable)
  • File system snapshots
  • Authentication logs

7.2 Chain of Custody

  • Document all evidence handling
  • Maintain integrity hashes
  • Secure storage of evidence
  • Access logging
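The chain-of-custody bullets above, as an added example that is not anonymize.today's own tooling: an integrity hash is recorded per evidence item at collection, every handling step is appended to a log, and a verify step flags items whose current content no longer matches the recorded hash. The evidence items here are constructed in-memory byte strings; a real collection would hash files or captures.

```typescript
// Added example, not the project's code. Minimal chain-of-custody record for section 7.2.
import { createHash } from "crypto";

interface EvidenceItem { id: string; description: string; sha256: string; collectedAt: string; collectedBy: string }
interface CustodyEvent {
  itemId: string;
  action: "collected" | "accessed" | "transferred" | "verified";
  by: string;
  at: string;
  note?: string;
}
interface CustodyManifest { incidentId: string; items: EvidenceItem[]; log: CustodyEvent[] }

function sha256Hex(data: Buffer | string): string {
  return createHash("sha256").update(data).digest("hex");
}

function newManifest(incidentId: string): CustodyManifest {
  return { incidentId, items: [], log: [] };
}

// Records an item: the hash is computed at collection time and the collection itself is logged.
function collect(m: CustodyManifest, id: string, description: string,
                 content: Buffer | string, by: string, at: string): EvidenceItem {
  const item: EvidenceItem = { id, description, sha256: sha256Hex(content), collectedAt: at, collectedBy: by };
  m.items.push(item);
  m.log.push({ itemId: id, action: "collected", by, at });
  return item;
}

// Every later handling step (access, transfer) is appended; the log is never rewritten.
function record(m: CustodyManifest, ev: CustodyEvent): void {
  m.log.push(ev);
}

// Re-hashes the current content of each item, logs the check, and returns the ids whose hash changed.
function verify(m: CustodyManifest, contents: Record<string, Buffer | string>, by: string, at: string): string[] {
  const tampered: string[] = [];
  for (const item of m.items) {
    const current = contents[item.id];
    const ok = current !== undefined && sha256Hex(current) === item.sha256;
    if (!ok) tampered.push(item.id);
    m.log.push({ itemId: item.id, action: "verified", by, at, note: ok ? "hash matches" : "HASH MISMATCH" });
  }
  return tampered;
}
```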

8. Specific Incident Procedures

8.1 Data Breach Response

  1. Immediate Actions:

    • Identify scope of breach
    • Contain data exposure
    • Preserve evidence
  2. Assessment:

    • Determine data types affected
    • Identify affected individuals
    • Assess regulatory obligations
  3. Notification:

    • Notify affected individuals (within 72 hours)
    • Report to supervisory authority (GDPR)
    • Document all notifications

8.2 Account Compromise Response

  1. Immediate Actions:

    • Lock affected account
    • Force password reset
    • Review account activity
  2. Investigation:

    • Determine method of compromise
    • Check for lateral movement
    • Review related accounts
  3. Remediation:

    • Reset credentials
    • Enable 2FA
    • Notify user

8.3 DDoS Attack Response

  1. Immediate Actions:

    • Activate DDoS protection
    • Implement rate limiting
    • Contact hosting provider (Hetzner)
  2. Mitigation:

    • Block malicious traffic
    • Scale resources if needed
    • Monitor attack patterns
  3. Recovery:

    • Verify service restoration
    • Analyze attack vectors
    • Update protections

9. Testing and Maintenance

9.1 Testing Schedule

  • Tabletop exercises: Quarterly
  • Technical drills: Bi-annually
  • Full simulation: Annually

9.2 Plan Maintenance

  • Review after each incident
  • Annual comprehensive review
  • Update contact information monthly

10. Document Control

Version | Date | Author | Changes
1.0 | 2025-12-29 | Security Team | Initial release

Risk Assessment

Document ID: ISMS-POL-004
Version: 1.0
Assessment Date: December 29, 2025
Next Review: June 29, 2026
Classification: Internal

1. Purpose

This Risk Assessment identifies, analyzes, and evaluates information security risks to anonymize.today. It provides the basis for risk treatment decisions and security control implementation.

2. Scope

This assessment covers:

  • Information assets (customer data, system configurations, code)
  • Technical infrastructure (servers, databases, networks)
  • Application security (frontend, backend services)
  • Operational processes (deployment, monitoring, support)

3. Risk Assessment Methodology

3.1 Risk Calculation

Risk = Likelihood × Impact

3.2 Likelihood Scale

Rating | Description | Probability
1 | Rare | < 1% per year
2 | Unlikely | 1-10% per year
3 | Possible | 10-50% per year
4 | Likely | 50-90% per year
5 | Almost Certain | > 90% per year

3.3 Impact Scale

Rating | Description | Business Impact
1 | Negligible | Minimal disruption, no data loss
2 | Minor | Limited disruption, minor data exposure
3 | Moderate | Significant disruption, moderate data exposure
4 | Major | Severe disruption, significant data breach
5 | Critical | Business threatening, massive data breach

3.4 Risk Matrix

Likelihood \ Impact | Impact 1 | Impact 2 | Impact 3 | Impact 4 | Impact 5
Likelihood 5 | Medium | Medium | High | Critical | Critical
Likelihood 4 | Low | Medium | Medium | High | Critical
Likelihood 3 | Low | Low | Medium | Medium | High
Likelihood 2 | Low | Low | Low | Medium | Medium
Likelihood 1 | Low | Low | Low | Low | Medium

4. Asset Inventory

4.1 Information Assets

Asset | Classification | Owner | Location
Customer PII | Confidential | Platform | Database
User Credentials | Confidential | Platform | Database (hashed)
Encryption Keys | Confidential | Customer | Database (encrypted)
API Tokens | Confidential | Customer | Database (hashed)
Application Code | Internal | Development | Server/Repository
System Configurations | Internal | Operations | Server
Logs | Internal | Operations | Server

4.2 Technical Assets

Asset | Type | Location | Criticality
Web Server | Infrastructure | Hetzner Cloud | High
Database Server | Infrastructure | Hetzner Cloud | Critical
Presidio Services | Application | Hetzner Cloud | High
Frontend Application | Application | Hetzner Cloud | High

5. Threat Identification

5.1 External Threats

Threat | Description
Cyber Attacks | Targeted attacks, hacktivism
DDoS | Distributed denial of service
Malware | Ransomware, trojans
Social Engineering | Phishing, pretexting
Data Theft | Intellectual property theft

5.2 Internal Threats

Threat | Description
Insider Threat | Malicious or negligent insiders
Human Error | Misconfiguration, accidental disclosure
Process Failure | Inadequate procedures

5.3 Environmental Threats

Threat | Description
Hardware Failure | Server/storage failure
Network Failure | Connectivity issues
Power Failure | Data center power issues
Natural Disaster | Fire, flood, earthquake

6. Risk Register

6.1 Critical Risks

ID | Risk | Likelihood | Impact | Risk Level | Treatment
R001 | Customer data breach via SQL injection | 2 | 5 | Medium | Mitigate: Prisma ORM, parameterized queries
R002 | Credential theft via brute force | 3 | 4 | Medium | Mitigate: Account lockout, 2FA
R003 | Service outage due to DDoS | 3 | 3 | Medium | Mitigate: Rate limiting, Hetzner DDoS protection

6.2 High Risks

ID | Risk | Likelihood | Impact | Risk Level | Treatment
R004 | Unauthorized admin access | 2 | 4 | Medium | Mitigate: SSH keys, 2FA, audit logging
R005 | Data exposure via API vulnerability | 2 | 4 | Medium | Mitigate: JWT auth, feature gating, rate limiting
R006 | Encryption key compromise | 1 | 5 | Medium | Mitigate: AES-256-GCM, key per user, secure storage

6.3 Medium Risks

ID | Risk | Likelihood | Impact | Risk Level | Treatment
R007 | Session hijacking | 2 | 3 | Low | Mitigate: Secure cookies, JWT, HTTPS
R008 | XSS vulnerability | 2 | 3 | Low | Mitigate: CSP, React auto-escaping
R009 | Dependency vulnerability | 4 | 2 | Medium | Mitigate: npm audit, regular updates
R010 | Data loss due to backup failure | 2 | 4 | Medium | Mitigate: Hetzner snapshots, tested recovery

6.4 Low Risks

ID | Risk | Likelihood | Impact | Risk Level | Treatment
R011 | Minor service degradation | 3 | 1 | Low | Accept: Monitoring, auto-restart
R012 | Non-critical feature unavailable | 3 | 1 | Low | Accept: Graceful degradation

7. Risk Treatment

7.1 Treatment Options

Option | Description | When to Use
Mitigate | Implement controls to reduce risk | Risk exceeds tolerance
Transfer | Insurance, outsourcing | Cannot fully mitigate
Accept | Acknowledge and monitor | Risk within tolerance
Avoid | Eliminate risk source | Risk too high, cannot mitigate

7.2 Implemented Controls

Risk ID | Control | Status | Effectiveness
R001 | Prisma ORM (parameterized queries) | ✅ Implemented | High
R002 | Account lockout (5 attempts/30 min) | ✅ Implemented | High
R002 | Password complexity (8+ chars) | ✅ Implemented | High
R002 | 2FA support (TOTP/Email) | ✅ Implemented | High
R003 | Rate limiting | ✅ Implemented | Medium
R004 | SSH key authentication | ✅ Implemented | High
R004 | fail2ban | ✅ Implemented | High
R005 | JWT authentication | ✅ Implemented | High
R005 | Feature gating | ✅ Implemented | High
R006 | AES-256-GCM encryption | ✅ Implemented | High
R007 | Secure cookies (HttpOnly, Secure) | ✅ Implemented | High
R007 | HTTPS only (TLS 1.2+) | ✅ Implemented | High
R008 | Content Security Policy | ✅ Implemented | High
R009 | npm audit in CI | ✅ Implemented | Medium
R010 | Hetzner cloud snapshots | ✅ Implemented | High

8. Residual Risk

After implementing controls, the following residual risks remain:

Risk ID | Original Level | Residual Level | Notes
R001 | Medium | Low | Prisma prevents SQL injection
R002 | Medium | Low | Multiple controls in place
R003 | Medium | Low | Rate limiting + provider protection
R004 | Medium | Low | SSH keys + fail2ban
R005 | Medium | Low | JWT + feature gating
R006 | Medium | Low | Strong encryption, key isolation
R009 | Medium | Low | Regular updates, dev deps only

9. Risk Monitoring

9.1 Key Risk Indicators (KRIs)

KRI | Threshold | Monitoring Frequency
Failed login attempts | > 100/day | Daily
API error rate | > 5% | Real-time
Vulnerability count (high/critical) | > 0 in prod deps | Weekly
Service availability | < 99.9% | Real-time
Security incidents | Any P1/P2 | Immediate
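Two of the KRIs above ("Failed login attempts > 100/day" and "Security incidents: any P1/P2") evaluated over audit-log lines, as an added example that is not anonymize.today's own monitoring code. The JSON-lines log format with ts, event, outcome and severity fields is an assumption; the page does not specify the real log format.

```typescript
// Added example, not the project's code. KRI evaluation for section 9.1.
interface LogEvent { ts: string; event: string; outcome?: "success" | "failure"; severity?: "P1" | "P2" | "P3" | "P4" }

interface KriAlert { kri: string; key: string; value: number; threshold: string }

const FAILED_LOGINS_PER_DAY = 100; // threshold from the KRI table

// Parses JSON lines, skipping malformed ones: a corrupt line must not silence the KRI.
function parseLogLines(text: string): LogEvent[] {
  const events: LogEvent[] = [];
  for (const line of text.split("\n")) {
    if (!line.trim()) continue;
    try {
      const obj = JSON.parse(line);
      if (typeof obj.ts === "string" && typeof obj.event === "string") events.push(obj as LogEvent);
    } catch {
      // malformed line: ignored
    }
  }
  return events;
}

function evaluateKris(events: LogEvent[]): KriAlert[] {
  const alerts: KriAlert[] = [];

  // Failed login attempts, bucketed by UTC day (the KRI is monitored daily).
  const failuresByDay = new Map<string, number>();
  for (const e of events) {
    if (e.event === "auth.login" && e.outcome === "failure") {
      const day = e.ts.slice(0, 10);
      failuresByDay.set(day, (failuresByDay.get(day) ?? 0) + 1);
    }
  }
  failuresByDay.forEach((n, day) => {
    if (n > FAILED_LOGINS_PER_DAY) {
      alerts.push({ kri: "Failed login attempts", key: day, value: n, threshold: "> 100/day" });
    }
  });

  // Security incidents: any P1/P2 alerts immediately, one alert per incident event.
  for (const e of events) {
    if (e.event === "security.incident" && (e.severity === "P1" || e.severity === "P2")) {
      alerts.push({ kri: "Security incidents", key: e.ts, value: 1, threshold: "Any P1/P2" });
    }
  }
  return alerts;
}

// Constructed sample log: 101 failures on 2026-01-20 (over threshold), 3 on 2026-01-21
// (under threshold), one successful login, one P2 incident and one corrupt line.
function sampleLog(): string {
  const lines: string[] = [];
  for (let i = 0; i < 101; i++) {
    const minute = String(i % 60).padStart(2, "0");
    lines.push(JSON.stringify({ ts: `2026-01-20T10:${minute}:00Z`, event: "auth.login", outcome: "failure" }));
  }
  for (let i = 0; i < 3; i++) {
    lines.push(JSON.stringify({ ts: "2026-01-21T08:00:00Z", event: "auth.login", outcome: "failure" }));
  }
  lines.push(JSON.stringify({ ts: "2026-01-21T08:05:00Z", event: "auth.login", outcome: "success" }));
  lines.push(JSON.stringify({ ts: "2026-01-21T09:00:00Z", event: "security.incident", severity: "P2" }));
  lines.push("{not json");
  return lines.join("\n");
}
```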

9.2 Review Schedule

Activity | Frequency
Risk register review | Quarterly
Full risk assessment | Annually
Control effectiveness review | Bi-annually
Threat landscape review | Quarterly

10. Document Control

Version | Date | Author | Changes
1.0 | 2025-12-29 | Security Team | Initial release

Statement of Applicability (SoA)

Document ID: ISMS-POL-005
Version: 1.0
Effective Date: December 29, 2025
Review Date: December 29, 2026
Classification: Internal

1. Purpose

This Statement of Applicability (SoA) documents the ISO/IEC 27001:2022 Annex A controls applicable to anonymize.today, their implementation status, and justification for inclusion or exclusion.

2. Scope

This SoA covers all information security controls relevant to the anonymize.today PII anonymization platform, including:

  • Cloud-hosted infrastructure (Hetzner)
  • Web application (Next.js frontend)
  • Backend services (Presidio Analyzer/Anonymizer)
  • Database
  • Customer data processing

3. Control Selection Methodology

Controls were selected based on:

  • Risk assessment results
  • Legal and regulatory requirements (GDPR)
  • Business requirements
  • Customer expectations
  • Industry best practices

4. Control Categories Overview

Category | Total Controls | Applicable | Implemented | Partial | Not Applicable
A.5 Organizational | 37 | 25 | 20 | 5 | 12
A.6 People | 8 | 6 | 4 | 2 | 2
A.7 Physical | 14 | 5 | 5 | 0 | 9
A.8 Technological | 34 | 30 | 28 | 2 | 4
Total | 93 | 66 | 57 | 9 | 27

5. Detailed Control Status

A.5 Organizational Controls

Control | Title | Applicable | Status | Justification
A.5.1 | Policies for information security | | Implemented | Information Security Policy documented
A.5.2 | Information security roles | | Implemented | Roles defined in RBAC system
A.5.3 | Segregation of duties | | Implemented | Admin/Editor/User role separation
A.5.4 | Management responsibilities | | Implemented | Documented in policies
A.5.5 | Contact with authorities | | Partial | GDPR contacts identified
A.5.6 | Contact with special interest groups | | N/A | Small organization
A.5.7 | Threat intelligence | | Partial | npm audit, security advisories
A.5.8 | Information security in project management | | Implemented | Security in development process
A.5.9 | Inventory of information | | Implemented | Asset inventory documented
A.5.10 | Acceptable use of information | | Implemented | Terms of Service, policies
A.5.11 | Return of assets | | N/A | SaaS model, no physical assets
A.5.12 | Classification of information | | Implemented | Data classification defined
A.5.13 | Labelling of information | | N/A | Automated system handling
A.5.14 | Information transfer | | Implemented | TLS encryption, secure APIs
A.5.15 | Access control | | Implemented | RBAC, plan-based gating
A.5.16 | Identity management | | Implemented | NextAuth.js, JWT sessions
A.5.17 | Authentication information | | Implemented | Password policy, 2FA
A.5.18 | Access rights | | Implemented | Role-based permissions
A.5.19 | Information security in supplier relationships | | Partial | Hetzner, Stripe reviewed
A.5.20 | Addressing security in supplier agreements | | Partial | Standard agreements
A.5.21 | Managing information security in ICT supply chain | | Implemented | Dependency management
A.5.22 | Monitoring, review of supplier services | | Partial | Uptime monitoring
A.5.23 | Information security for cloud services | | Implemented | Hetzner security config
A.5.24 | Information security incident management | | Implemented | Incident Response Plan
A.5.25 | Assessment and decision on events | | Implemented | Severity classification
A.5.26 | Response to information security incidents | | Implemented | Response procedures
A.5.27 | Learning from incidents | | Implemented | Post-incident review
A.5.28 | Collection of evidence | | Implemented | Log retention, audit trails
A.5.29 | Information security during disruption | | Implemented | Backup/recovery procedures
A.5.30 | ICT readiness for business continuity | | Implemented | Hetzner snapshots
A.5.31 | Legal, statutory, regulatory requirements | | Implemented | GDPR compliance
A.5.32 | Intellectual property rights | | Implemented | License compliance
A.5.33 | Protection of records | | Implemented | Data retention policy
A.5.34 | Privacy and protection of PII | | Implemented | Core business function
A.5.35 | Independent review of information security | | N/A | Small organization
A.5.36 | Compliance with security policies | | Implemented | Automated enforcement
A.5.37 | Documented operating procedures | | Implemented | Documentation in docs/

A.6 People Controls

Control | Title | Applicable | Status | Justification
A.6.1 | Screening | | N/A | Solo/small team
A.6.2 | Terms and conditions of employment | | N/A | Solo/small team
A.6.3 | Information security awareness | | Partial | Self-awareness
A.6.4 | Disciplinary process | | N/A | Solo/small team
A.6.5 | Responsibilities after termination | | Implemented | Credential revocation
A.6.6 | Confidentiality agreements | | Implemented | Customer agreements
A.6.7 | Remote working | | Implemented | Secure remote access
A.6.8 | Information security event reporting | | Implemented | Incident reporting

A.7 Physical Controls

Control | Title | Applicable | Status | Justification
A.7.1 | Physical security perimeters | | Implemented | Hetzner data centers
A.7.2 | Physical entry | | Implemented | Hetzner controlled
A.7.3 | Securing offices, rooms, facilities | | N/A | Cloud-only
A.7.4 | Physical security monitoring | | Implemented | Hetzner monitoring
A.7.5 | Protecting against physical threats | | Implemented | Hetzner facilities
A.7.6 | Working in secure areas | | N/A | Cloud-only
A.7.7 | Clear desk and clear screen | | N/A | Remote work
A.7.8 | Equipment siting and protection | | Implemented | Hetzner data centers
A.7.9 | Security of assets off-premises | | N/A | Cloud-only
A.7.10 | Storage media | | N/A | No physical media
A.7.11 | Supporting utilities | | N/A | Hetzner managed
A.7.12 | Cabling security | | N/A | Hetzner managed
A.7.13 | Equipment maintenance | | N/A | Hetzner managed
A.7.14 | Secure disposal or re-use | | N/A | Hetzner managed

A.8 Technological Controls

Control | Title | Applicable | Status | Justification
A.8.1 | User endpoint devices | | N/A | SaaS, no managed endpoints
A.8.2 | Privileged access rights | | Implemented | Admin role, SSH keys
A.8.3 | Information access restriction | | Implemented | RBAC, feature gating
A.8.4 | Access to source code | | Implemented | Private repository
A.8.5 | Secure authentication | | Implemented | Password policy, 2FA
A.8.6 | Capacity management | | Implemented | Hetzner scalable
A.8.7 | Protection against malware | | Implemented | Server hardening
A.8.8 | Management of technical vulnerabilities | | Implemented | npm audit, updates
A.8.9 | Configuration management | | Implemented | Infrastructure as code
A.8.10 | Information deletion | | Implemented | Data deletion procedures
A.8.11 | Data masking | | Implemented | Core business function
A.8.12 | Data leakage prevention | | Implemented | Encryption, access control
A.8.13 | Information backup | | Implemented | Hetzner snapshots
A.8.14 | Redundancy of information processing | | Partial | Single server (cost)
A.8.15 | Logging | | Implemented | Application/system logs
A.8.16 | Monitoring activities | | Implemented | Uptime, error tracking
A.8.17 | Clock synchronization | | Implemented | NTP configured
A.8.18 | Use of privileged utility programs | | Implemented | Restricted to admin
A.8.19 | Installation of software | | Implemented | Controlled deployment
A.8.20 | Networks security | | Implemented | UFW firewall, fail2ban
A.8.21 | Security of network services | | Implemented | TLS, secure protocols
A.8.22 | Segregation of networks | | Partial | Application isolation
A.8.23 | Web filtering | | N/A | Server-side only
A.8.24 | Use of cryptography | | Implemented | AES-256-GCM, TLS
A.8.25 | Secure development life cycle | | Implemented | Code review, testing
A.8.26 | Application security requirements | | Implemented | Security in design
A.8.27 | Secure system architecture | | Implemented | Defense in depth
A.8.28 | Secure coding | | Implemented | Best practices, linting
A.8.29 | Security testing in development | | Implemented | Jest, Playwright, audit
A.8.30 | Outsourced development | | N/A | In-house development
A.8.31 | Separation of development, test, production | | Partial | Staging environment
A.8.32 | Change management | | Implemented | Version control, changelog
A.8.33 | Test information | | Implemented | Mock data for tests
A.8.34 | Protection during audit testing | | Implemented | Isolated test environment

6. Exclusion Justifications

Physical Controls (A.7.3, A.7.6, A.7.7, A.7.9-A.7.14)

Justification: anonymize.today is a cloud-only SaaS platform hosted on Hetzner Cloud. Physical security is managed by Hetzner (ISO 27001 certified data centers). No physical premises or equipment are maintained.

People Controls (A.6.1, A.6.2, A.6.4)

Justification: Small team/solo operation. Formal HR processes not applicable at current scale.

Endpoint Controls (A.8.1, A.8.23)

Justification: SaaS model where customers use their own devices. No managed endpoints.

Outsourced Development (A.8.30)

Justification: All development is performed in-house.

7. Implementation Evidence

Control Category | Evidence Location
Policies | docs/iso27001/
Access Control | lib/roles.ts, lib/plan-features.ts
Authentication | lib/auth.ts, lib/auth/two-factor.ts
Encryption | lib/encryption.ts
Logging | Application logs, journalctl
Testing | tests/ directory
Change Management | docs/CHANGELOG.md
Configuration | Application and server configuration

8. Continuous Improvement

Planned Improvements

Control | Current Status | Target Status | Timeline
A.5.35 | N/A | Consider external audit | Q2 2026
A.8.14 | Partial | Full redundancy | Q3 2026
A.8.22 | Partial | Full network segmentation | Q2 2026

9. Document Control

Version | Date | Author | Changes
1.0 | 2025-12-29 | Security Team | Initial release