Security First

Security

We take the security of your data and Telegram accounts seriously. Your trust is our foundation.

AES-256 Encryption
TLS 1.3
GDPR Compliant
EU Data Centers
SOC 2 Type II
RBAC & Audit Logs

Encryption

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 for all data in transit
  • Per-user encryption keys for Telegram session tokens
  • Session tokens stored separately from account data
  • Tokens never exposed via our API

Authentication

  • Passwords hashed with PBKDF2:SHA256 (never plaintext)
  • Secure HTTP-only session cookies
  • CSRF protection on all state-changing requests
  • Rate limiting on authentication endpoints
  • Support for Telegram 2FA-enabled accounts

Telegram Session Security

  • Session files encrypted at rest and isolated per account
  • Rate limiting that respects Telegram's own limits
  • Automatic flood wait handling to prevent bans
  • Session tokens revocable at any time from the dashboard
  • Proxy support for additional account isolation

Infrastructure

  • Hosted in EU data centers (SOC 2 Type II certified)
  • Containerized deployments with automated rollbacks
  • Automated vulnerability scanning in CI pipeline
  • Regular encrypted backups with point-in-time recovery
  • Network segmentation and firewall rules

Access Controls

  • Role-based access: Owner, Admin, Editor, Viewer
  • Principle of least privilege for all team members
  • Immutable audit trail for all administrative actions
  • API access scoped to minimum required permissions
  • Team invite system with email verification

Incident Response

  • Documented incident response plan with severity levels
  • Security incidents communicated within 72 hours
  • Regular security reviews and penetration tests
  • Bug bounty program for responsible disclosure
  • Post-incident reviews and public transparency reports

Compliance & Data Rights

We're committed to meeting the highest standards of data protection.

GDPR

Full compliance with EU data protection regulations. Data processing agreements available on request.

Data Residency

All data stored within EU borders. No transfers to non-adequate countries without safeguards.

Data Portability

Export all your data at any time in a machine-readable format from your account settings.

Right to Erasure

Request complete deletion of your data. Personal information purged within 30 days.

Report a Vulnerability

Found a security issue? We appreciate responsible disclosure and will work with you to address it quickly. We respond to all reports within 24 hours.

security@dripl.io

What to include:

  • Description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Your contact information (optional)