
Security

How we protect your data and maintain service security.

Infrastructure

FlareWarden runs on globally distributed infrastructure designed for reliability and performance:

  • Cloud Provider: Hosted on Fly.io's global edge network
  • Regions: US-East, EU-West, and Asia-Pacific
  • Database: SQLite with Turso for low-latency, globally replicated storage
  • Network: All traffic encrypted with TLS 1.2+

Authentication Security

Password Hashing

Passwords are hashed using bcrypt with a cost factor of 12, meeting OWASP recommendations. We never store passwords in plain text.

Session Management

Sessions use cryptographically secure random tokens (256-bit entropy). Sessions automatically expire after 30 days and are cleaned up regularly.

CSRF Protection

All state-changing operations are protected against Cross-Site Request Forgery attacks using secure, SameSite cookies.

Data Protection

  • Encryption in Transit: All data transmitted to and from FlareWarden is encrypted using HTTPS/TLS
  • SQL Injection Prevention: All database queries use prepared statements to prevent SQL injection attacks
  • Input Validation: All user inputs are validated and sanitized before processing
  • SSRF Protection: Monitors cannot target private IP addresses, localhost, or internal networks to prevent Server-Side Request Forgery attacks
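The SSRF bullet above describes the outcome (monitors cannot target private addresses, localhost, or internal networks) but not the check itself. The following is an added illustration of how such a target check can be built; it is not FlareWarden's code. It assumes a receiver that resolves the monitor's hostname before connecting and rejects any resolved address that is not publicly routable. The DNS records, hostnames and addresses below are constructed for the offline demonstration; the resolver is injected so the check runs without network access.

```python
"""Outbound target validation for a monitor (added example, not FlareWarden's own code)."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_public(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True only for globally routable addresses.

    is_global is False for loopback, private (RFC 1918, ULA), link-local
    (including 169.254.169.254 used by cloud metadata services), carrier-grade
    NAT, multicast, documentation and reserved ranges.
    """
    if not addr.is_global:
        return False
    # IPv4-mapped IPv6 (::ffff:10.0.0.1) embeds a v4 address; judge that address too.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None and not mapped.is_global:
        return False
    return True


def check_monitor_target(url: str, resolve) -> tuple[bool, str]:
    """Return (ok, reason) for a proposed monitor URL.

    `resolve(host)` is a hypothetical resolver returning a list of address
    strings (or raising OSError). Every record must be public: a hostname that
    mixes one public and one internal record is rejected outright.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname  # brackets stripped and lowercased for IPv6 literals
    if not host:
        return False, "missing host"
    if host in {"localhost", "localhost.localdomain"} or host.endswith(".localhost"):
        return False, "localhost is not a valid target"
    try:
        addrs = [ipaddress.ip_address(host)]  # IP literal, no lookup needed
    except ValueError:
        try:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
        except (OSError, ValueError) as exc:
            return False, f"could not resolve {host}: {exc}"
        if not addrs:
            return False, f"{host} has no address records"
    for addr in addrs:
        if not _is_public(addr):
            return False, f"{host} resolves to non-public address {addr}"
    return True, "ok"


# Constructed DNS records for the offline demonstration (not real hosts).
# 93.184.216.34 stands in for "some public address"; any globally routable one works.
FAKE_DNS = {
    "status.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "split.example.com": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> list[str]:
    """Stand-in resolver; raises OSError like a real NXDOMAIN would."""
    try:
        return FAKE_DNS[host.lower()]
    except KeyError:
        raise OSError(f"NXDOMAIN {host}")


if __name__ == "__main__":
    for candidate in ("https://status.example.com/health", "http://127.0.0.1:8080/",
                      "http://[::ffff:10.0.0.1]/", "http://split.example.com/"):
        print(candidate, check_monitor_target(candidate, fake_resolve))
```

Two caveats a practitioner would want: the address that passes this check must be the address the HTTP client actually connects to (re-resolving at connect time reopens a rebinding window, and some resolvers accept odd spellings such as decimal or hex IPv4 that `ip_address` rejects), and HTTP redirects from a public host to an internal one must be re-checked hop by hop rather than followed automatically.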

Cross-Region Validation

To prevent false positives from regional network issues, FlareWarden validates failures from multiple geographic regions before triggering alerts:

  • When a check fails, validation requests are sent to other regions
  • Alerts are only triggered when multiple regions confirm the failure
  • You can configure the number of required validations (default: 2)
  • This significantly reduces false alerts caused by temporary regional issues

Data Isolation

Your data is kept separate from other customers:

  • Each monitor has its own isolated database for check results
  • Account data is never shared between accounts
  • Regional data separation ensures your data stays in your chosen region

Webhook Security

Webhooks include security features to help you verify their authenticity:

  • HMAC Signatures: Each webhook includes an X-Webhook-Signature header containing an HMAC-SHA256 signature
  • Timestamp Validation: Signatures include timestamps to prevent replay attacks
  • Secret Keys: Each webhook endpoint has a unique secret key for signature verification
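The three bullets above name the pieces (an X-Webhook-Signature header carrying an HMAC-SHA256, a timestamp in the signed data, a per-endpoint secret) without giving the header format, which this page does not specify. The following is an added example of receiver-side verification, not FlareWarden's code, written against an assumed format: `X-Webhook-Signature: t=<unix seconds>,v1=<hex HMAC-SHA256>`, with the MAC computed over `<t>.<raw request body>` using the endpoint secret. The `sign` helper reproduces the assumed sender side only so the verifier can be exercised offline; the secret and body are constructed sample values.

```python
"""Receiver-side webhook signature check (added example; header format is an assumption)."""
from __future__ import annotations

import hashlib
import hmac
import time

TOLERANCE_SECONDS = 300  # how far a webhook's timestamp may drift from the receiver's clock


def _mac(secret: bytes, body: bytes, timestamp: int) -> str:
    # Binding the timestamp into the MAC is what stops an old signature being reused on a new body.
    return hmac.new(secret, f"{timestamp}.".encode() + body, hashlib.sha256).hexdigest()


def sign(secret: bytes, body: bytes, timestamp: int) -> str:
    """Assumed sender-side format; exists here only to produce test headers."""
    return f"t={timestamp},v1={_mac(secret, body, timestamp)}"


def verify(secret: bytes, body: bytes, header: str,
           now: int | None = None, seen: set[str] | None = None) -> tuple[bool, str]:
    """Return (ok, reason) for a raw body and its X-Webhook-Signature header value.

    `body` must be the exact bytes received; re-serialising parsed JSON changes them.
    `seen` is an optional replay cache of accepted signatures: within the tolerance
    window the timestamp alone cannot distinguish a redelivery from a replay.
    """
    now = int(time.time()) if now is None else now
    fields: dict[str, str] = {}
    for part in header.split(","):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key] = value
    if "t" not in fields or "v1" not in fields:
        return False, "malformed signature header"
    try:
        ts = int(fields["t"])
    except ValueError:
        return False, "non-numeric timestamp"
    if abs(now - ts) > TOLERANCE_SECONDS:
        return False, "timestamp outside tolerance window"
    expected = _mac(secret, body, ts)
    # compare_digest runs in constant time so the comparison does not leak the expected MAC.
    if not hmac.compare_digest(expected, fields["v1"]):
        return False, "signature mismatch"
    if seen is not None:
        if expected in seen:
            return False, "replayed delivery"
        seen.add(expected)
    return True, "ok"


if __name__ == "__main__":
    secret = b"whsec_constructed_sample"          # constructed; a real secret comes from the endpoint settings
    body = b'{"monitor":"m1","status":"down"}'    # constructed sample payload
    header = sign(secret, body, 1_700_000_000)
    print(header)
    print(verify(secret, body, header, now=1_700_000_100))
    print(verify(secret, body, header, now=1_700_000_100 + 3600))  # stale: rejected
```

The order of checks matters less than two details: verify against the raw bytes before any JSON parsing, and only treat a delivery as trusted after `verify` returns ok, since a handler that processes the body first and checks the signature afterwards gains nothing from the signature.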

Access Controls

FlareWarden implements role-based access control for team accounts:

  • Owner: Full access including billing and account deletion
  • Admin: Manage monitors, team members, and settings
  • Editor: Create and modify monitors
  • Viewer: Read-only access to monitors and data
  • Notify Only: Receive alerts without dashboard access

You can also grant monitor-specific permissions to give users access to only certain monitors.

Audit Logging

All account activity is logged for security and compliance purposes. Audit logs include the action taken, the user who performed it, the IP address, and the timestamp. Logs are retained for the duration of your account and can be accessed through your account settings.

Reporting Security Issues

We take security seriously. If you discover a security vulnerability in FlareWarden, please report it responsibly:

Email: support@flarewarden.com

Subject Line: Security Report

Please include a detailed description of the vulnerability, steps to reproduce, and any supporting evidence. We will acknowledge your report within 48 hours and work with you to address the issue.

We appreciate responsible disclosure and will credit researchers who report valid security issues (with their permission).

Compliance

FlareWarden is designed with privacy and compliance in mind:

  • GDPR: We support data export, deletion, and portability rights. See our Data Processing Agreement for EU customers.
  • CCPA: California residents can exercise their rights through our account settings or by contacting support.

Important: FlareWarden is not currently SOC 2, ISO 27001, HIPAA, PCI-DSS, or otherwise independently certified or audited. We implement security best practices as described on this page, but we have not undergone third-party compliance audits. If your organization requires specific compliance certifications, please evaluate whether FlareWarden meets your requirements before use.

For more information about how we handle your data, please see our Privacy Policy.