Security at Clone Detector

We take the security of your data seriously. Learn about the measures we implement to protect your information and our platform.

As a security-focused platform dedicated to protecting brands from domain cloning and phishing threats, we understand that trust is paramount. Clone Detector is built with security at its core, implementing industry best practices and multiple layers of protection to safeguard your data.

  • TLS 1.2+: Encrypted Transit
  • AES-256: Encrypted at Rest
  • UK GDPR: Compliant

Infrastructure Security

Our platform is built on enterprise-grade cloud infrastructure with multiple security controls.

Cloud Infrastructure

Clone Detector is hosted on Amazon Web Services (AWS), leveraging their world-class data centres and security infrastructure.

  • UK and EU data centre regions
  • Virtual Private Cloud (VPC) isolation
  • Network firewalls and security groups
  • DDoS protection

Database Security

All data is stored in managed database services with enterprise security features.

  • Encryption at rest using AES-256
  • Automated encrypted backups
  • Network isolation from public internet
  • Point-in-time recovery capability

Network Security

Multiple layers of network protection ensure secure communication.

  • TLS 1.2+ for all connections
  • HTTPS enforced across all endpoints
  • Web Application Firewall (WAF)
  • Rate limiting and throttling

Data Protection

Encryption in Transit

All data transmitted to and from Clone Detector is encrypted using TLS 1.2 or higher.

Encryption at Rest

Stored data is encrypted with AES-256 in our databases and file storage.

Secure Password Storage

Passwords are hashed using bcrypt with appropriate work factors.

Data Minimisation

We collect only the data necessary to provide our services.

Access Controls

Strict role-based access controls limit data access to authorised personnel.

Audit Logging

Comprehensive logging of all access and changes for security monitoring.

Application Security

Authentication

Secure authentication using JSON Web Tokens (JWTs) with 24-hour expiration. Account lockout after multiple failed login attempts protects against brute-force attacks.

Input Validation

All user inputs are validated and sanitised to prevent injection attacks including SQL injection and cross-site scripting (XSS).

API Security

All API endpoints require authentication. Rate limiting prevents abuse and ensures fair usage across all users.

Session Management

Secure session handling with automatic expiration. Sessions are invalidated upon logout or password change.

Dependency Management

Regular updates and security patching of all software dependencies. Automated vulnerability scanning of our codebase.

Secure Development

Security-focused code reviews and testing. Following OWASP guidelines and security best practices throughout development.

Compliance & Standards

UK GDPR

Full compliance with the UK General Data Protection Regulation, ensuring your personal data is handled with care and transparency.

Data Protection Act 2018

Adherence to UK data protection legislation, including appropriate data handling, retention, and subject access rights.

OWASP Top 10

Our application is developed with awareness of OWASP Top 10 security risks, with controls to mitigate each category.

Your Security

Security is a shared responsibility. Here’s how you can help protect your account:

Strong Passwords

Use a unique password with at least 8 characters, including uppercase, lowercase, and numbers. Consider using a password manager.

Secure Your Email

Your email is used for account recovery. Ensure your email account is secured with a strong password and two-factor authentication.

Monitor Your Account

Regularly review your account activity and scan history. Contact us immediately if you notice anything suspicious.

Keep Software Updated

Ensure your browser and operating system are up to date to protect against known vulnerabilities.

Responsible Disclosure

We value the security research community and welcome responsible disclosure of any vulnerabilities you may discover.

If you believe you have found a security vulnerability in Clone Detector, please report it to us responsibly:

  • Email your findings to security@clonedetector.com
  • Provide sufficient detail for us to reproduce and understand the issue
  • Allow reasonable time for us to investigate and address the vulnerability
  • Do not access, modify, or delete data belonging to other users
  • Do not publicly disclose the vulnerability until we have addressed it

We are committed to working with security researchers and will acknowledge your contribution in addressing any confirmed vulnerabilities.

Security Questions?

If you have questions about our security practices or need to report a security concern:

Security Team: security@clonedetector.com

Essential AI Solutions LTD | essentialai.uk