Security & Trust

Security Is the Product

The entry point to your app, secured with enterprise-grade controls.

AES-256 · TLS 1.2/1.3Encrypted at rest & in transit
EU data residencyIsolated, dedicated database
Certified infrastructureBuilt on SOC 2 / ISO 27001 vendors
Official Meta Tech ProviderFirst-party WhatsApp delivery

Encryption

Encrypted in transit (TLS 1.2/1.3) and at rest (AES-256). Isolated database, automated encrypted backups. API keys are encrypted and rotatable on demand.

Anti-Abuse

Bot challenges, adaptive rate limiting, and OWASP API Top 10 controls on every OTP request. Abuse is rejected before a message is sent, at zero provider cost.

Identity & Access

MFA, role-based access, and SAML/SSO. Phishing-resistant FIDO2/WebAuthn passkeys. No passwords or biometrics stored.

Privacy

Data Processor under GDPR, UK GDPR, and Egypt's PDPL. Export on request, deletion within 30 days. DPA available for enterprise.

Certifications

Built on SOC 2 Type II and ISO 27001 certified infrastructure. Third-party penetration test underway. Full sub-processor list, DPA, and audit documentation available to enterprise customers on request.

Anti-Abuse Architecture

Watch a Request Run Every Layer

Independent controls on every OTP request. Abuse stopped early, at zero provider cost.

Press a button to send a request through every layer.

  1. TLS + WAF at the edge

    TLS terminated and traffic screened at the edge.

  2. Automated bot challenge

    Automated bot challenge before any OTP is sent.

  3. Device fingerprinting

    Fingerprinting catches repeat abuse from rotating identities.

  4. Adaptive rate limiting

    Adaptive limits throttle abnormal bursts.

  5. Per-IP / per-number limits

    Granular per-IP and per-number limits.

  6. OWASP API Top 10 controls

    Endpoint controls mapped to OWASP API Top 10.

  7. OTP dispatched

    Only clean requests reach delivery: WhatsApp → Telegram → SMS.

99.9% uptime

Monitored live at status.akedly.io.

Reliable by design

Zero-downtime deployments. Encrypted backups, rapid recovery.

72-hour breach notice

72-hour breach notice to affected customers.

Need the Full Security Documentation?

Security Questionnaire, System Card, and a technical walkthrough under NDA.

Or read the pricing and developer docs.