Security and Protection

The security of your data is our main priority. We implement the most rigorous protection measures in the industry.

Last updated: February 2026

End-to-End Encryption

All communications are protected with TLS 1.2+. Passwords are stored as secure hashes (bcrypt). SMTP credentials and OAuth tokens are encrypted at rest.

100% secure connections

Secure Infrastructure

Servers in data centers with 24/7 monitoring, daily automated backups with 30-day retention, and complete redundancy.

99.9% uptime guaranteed

Advanced Authentication

Secure login with JWT, two-factor authentication (2FA), mandatory email verification, sessions with automatic expiration, and CSRF tokens.

2FA available

Continuous Monitoring

Observability system with OpenTelemetry for real-time anomaly detection, performance metrics, and automatic alerts.

24/7 active protection

Anti-Abuse Protection

Rate limiting per IP and per user, DDoS attack protection, webhook validation with cryptographic signature, and automatic blocking of suspicious activities.

Anti-spam and anti-DDoS

Protected Data

Payment data exclusively processed by Stripe (PCI DSS). We never store card data. Sensitive credentials encrypted at rest.

PCI DSS via Stripe

Commitment to Your Security

Secure Navigation

TLS 1.2+ on all connections, HSTS enabled

Email Validation

Required verification for new users

Temporary Links

Verification and password reset links with expiration

Dedicated Support

Security team ready to respond

Security Incident Response

In compliance with Art. 48 of the LGPD, we maintain a formal incident response plan:

1. Detection

Continuous monitoring with automatic alerts for unusual security events.

2. Containment

Immediate action to isolate and contain any identified threat, minimizing impact.

3. Notification (72h)

Notification to ANPD within 72 hours and communication to affected data subjects by email with incident details and measures taken.

4. Remediation

Complete root cause investigation, implementation of fixes, and update of preventive measures.

Backup and Disaster Recovery

Daily Backups

Daily automated backups of all data, including database, configurations, and contact lists.

30-Day Retention

Backups kept for 30 days with automatic rotation, allowing data recovery when needed.

Fast Recovery

Disaster recovery (DR) plan periodically tested to ensure fast service restoration.

Exportable Data

You can export all your data at any time in standard formats (CSV/JSON).

Domain Monitoring

Automated continuous monitoring system for your sending domains:

  • Automatic verification of DNS, MX, SPF, DKIM, and DMARC
  • Real-time blacklist monitoring
  • Automatic alerts for configuration issues
  • Recommendations to improve domain reputation

Compliance and Standards

We follow the highest security and privacy standards in the industry

LGPD

General Data Protection Law

SSL/TLS

Encryption in Transit

Anti-Spam

CAN-SPAM and Best Practices

PCI DSS

Secure Payments via Stripe

Responsible Disclosure Program

We value collaboration with security researchers. If you have discovered a vulnerability:

1. Report

Send vulnerability details to security@marketautohub.com with a clear description and reproduction steps.

2. Scope

We accept reports on the web application (marketautohub.com), APIs, and infrastructure. We exclude social engineering attacks, DDoS, and testing on third-party accounts.

3. Response

Acknowledgment within 48 business hours. Assessment and resolution within 30 days, depending on complexity.

4. Recognition

Researchers who report valid vulnerabilities will be recognized (if desired) in our acknowledgments hall.