Security

How we protect your data and maintain security

Alpha Status: Security is our top priority, even during alpha. While we continue to strengthen our security posture, we acknowledge that some features may not be fully hardened. We invite feedback to improve our security during this testing phase.

Overview

Security is fundamental to Meterwise. We handle sensitive API keys and usage data, and we take our responsibility to protect this information seriously. This page outlines our security practices and what we're doing to keep your data safe.

Encryption

All API keys and sensitive data are encrypted at rest and in transit

Access Control

Strict access controls and the principle of least privilege

Monitoring

Continuous monitoring for suspicious activity and security threats

Incident Response

Defined procedures for security incident detection and response

Data Protection

Encryption at Rest

  • All API keys and credentials are encrypted using AES-256 encryption before storage
  • Encryption keys are managed securely and rotated regularly
  • Database backups are also encrypted
  • Sensitive data is never stored in plain text

Encryption in Transit

  • All data transmission uses TLS 1.3 or higher
  • API communications are encrypted end-to-end
  • We enforce HTTPS for all web traffic
  • Certificate pinning for critical API endpoints

Infrastructure Security

Cloud Infrastructure

  • Hosted on industry-leading cloud providers with SOC 2 Type II compliance
  • Infrastructure-as-code for consistent and auditable deployments
  • Regular security patches and updates
  • Network isolation and firewalls to protect production systems

Access Controls

  • Multi-factor authentication (MFA) required for all team members
  • Role-based access control (RBAC) with principle of least privilege
  • Access to production data is logged and monitored
  • Regular access reviews and revocation of unused permissions
  • Separate staging and production environments

Application Security

Secure Development

  • Code review required for all changes
  • Automated security scanning in CI/CD pipeline
  • Dependency vulnerability scanning and updates
  • Input validation and output encoding to prevent injection attacks
  • Protection against OWASP Top 10 vulnerabilities

API Security

  • Rate limiting to prevent abuse
  • API authentication and authorization
  • Request validation and sanitization
  • Logging and monitoring of API usage

Monitoring and Incident Response

Continuous Monitoring

  • 24/7 automated monitoring for security threats and anomalies
  • Real-time alerts for suspicious activity
  • Regular security log reviews
  • Performance and availability monitoring

Incident Response

  • Defined incident response procedures
  • Security incident classification and escalation
  • Post-incident analysis and remediation
  • Communication plan for affected users in case of breach

Third-Party Security

We carefully vet third-party services and vendors:

  • Due diligence on security practices before integration
  • Preference for vendors with security certifications (SOC 2, ISO 27001, etc.)
  • Minimal data sharing with third parties
  • Regular review of third-party access and permissions

Data Handling

  • We never share or sell your API keys or usage data
  • Your API keys are only used to fetch data on your behalf
  • Data isolation between customer accounts
  • Secure data deletion procedures when accounts are closed
  • Regular backups with encryption and secure storage

Alpha Program Considerations

Important: As an alpha product, some security features may still be in development. We recommend:

  • Not using the Service for mission-critical production workloads
  • Using test or development API keys when possible
  • Monitoring your connected accounts for unusual activity
  • Reporting any security concerns immediately

Your Responsibility

You play an important role in security:

  • Keep your account credentials secure and confidential
  • Use strong, unique passwords
  • Don't share your invite code or account access
  • Report suspicious activity or security issues promptly
  • Review connected providers and permissions regularly

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them responsibly:

Security Contact:

Email: security@meterwise.co

Please include as much detail as possible about the vulnerability, including steps to reproduce. We commit to responding within 48 hours and will keep you updated on remediation progress.

Future Security Initiatives

As we move from alpha to general availability, we plan to implement:

  • SOC 2 Type II certification
  • Third-party security audits and penetration testing
  • Bug bounty program
  • Enhanced logging and audit trails
  • Additional compliance certifications as needed

Questions and Contact

For security questions or concerns:

Security: security@meterwise.co

General Support: support@meterwise.co
