πŸ“Š 2026 Email Verification Market Report β€” 20 providers benchmarked.Read Report
BillionVerify
Sign In

Security Overview

Security controls and operational practices used to help protect service infrastructure and customer data

Last updated: May 30, 2026

This page summarizes the security controls and operational practices used to operate BillionVerify. It is a practical overview for customers and security reviewers, not a certification report or independent audit.

BillionVerify does not currently maintain a completed SOC 2 attestation. Customers can review this page together with our DPA, subprocessors, data retention, and security questionnaire responses where applicable.

1. Infrastructure Security

  • The service uses cloud and server infrastructure with network boundaries between public endpoints and internal services.
  • Production and administrative access is limited to authorized operators with a business need.
  • Application and deployment changes are managed through repository-controlled configuration and release workflows where applicable.
  • Cloudflare is used for edge, CDN, tunnel, storage, and related infrastructure protections where configured.

2. Encryption

2.1 In Transit

HTTPS/TLS is used for customer website access, dashboard traffic, API access, and supported service-to-service communication.

2.2 At Rest

Private object storage for uploaded files and result files uses provider-managed encryption at rest where configured. Database, secret, and backup protections are reviewed as part of production infrastructure operations and customer security review responses where applicable.

3. Access Control

  • Internal access is granted based on role and business need.
  • Administrative and production access is limited to authorized personnel.
  • Internal web-to-API GDPR operations use HMAC authentication rather than customer API keys.
  • API keys and webhooks are revoked or disabled during account deletion.
  • Administrative provider accounts use provider-supported MFA where available and configured for the account.

4. Monitoring and Logging

  • Structured logs and metrics are used to monitor service health, abuse signals, and operational issues.
  • Rate limiting and abuse controls are applied to help protect the service.
  • Sensitive fields are redacted or minimized before log export where configured.
  • GDPR-related deletion, DSAR, and support actions are recorded in the GDPR audit workflow.

5. Incident Response

Security events are triaged through internal support and engineering escalation. When an event may affect customer data, BillionVerify investigates scope, preserves relevant audit information, mitigates the issue, and communicates with affected customers where required by applicable law or contractual terms.

6. Backup and Recovery

Backup and recovery procedures are maintained for operational continuity. Backup scope and recovery procedures are reviewed as part of infrastructure operations and customer security reviews where applicable.

7. Contact

Security questions can be sent to support@billionverify.com.

BillionVerify Support
Email: support@billionverify.com
Website: billionverify.com