Security & Compliance
Wryn takes security and data privacy seriously.
Data Security
Encryption
- In Transit: TLS 1.3 encryption for all API requests
- At Rest: AES-256 encryption for stored data
- Credentials: Encrypted storage for API keys and secrets
Infrastructure
- Cloud infrastructure on AWS/GCP
- Regular security audits
- DDoS protection
- Automated backups
- 99.9%+ uptime guarantee
Access Control
- API key authentication
- Optional IP whitelisting
- Role-based access control (RBAC)
- Audit logs for all API requests
Data Privacy
Data Retention
- Scrape Results: Retained for 30 days (configurable)
- Logs: 90 days
- No permanent storage of scraped data by default
- On-demand deletion available
GDPR Compliance
- Data processing agreements available
- Right to erasure honored
- Data portability supported
- Privacy by design
Data Location
- Primary data centers: India, US, EU
- Region selection available (Enterprise)
- No cross-border transfers without consent
Compliance
Standards
- SOC 2 Type II (in progress)
- ISO 27001 (in progress)
- GDPR compliant
- CCPA compliant
Responsible Scraping
Wryn provides the technology, but users must:
- Review target website Terms of Service
- Respect robots.txt files
- Comply with applicable laws
- Use data responsibly
- Add appropriate rate limiting
Legal Responsibility
You are responsible for ensuring your scraping activities comply with applicable laws and website terms of service. Wryn is not liable for misuse of the service.
Security Features
API Key Management
- Secure key generation
- Key rotation support
- Automatic expiry options
- Revocation capabilities
IP Whitelisting
Restrict API access to specific IPs:
- Single IPs
- CIDR ranges
- Multiple locations
Webhook Security
- HMAC signature verification
- TLS-only delivery
- Retry with backoff
- Timeout protection
Request Validation
- Input sanitization
- Rate limiting
- Malformed request rejection
- CAPTCHA protection
Best Practices
Secure API Keys
# Good - environment variable
api_key = os.environ['WRYN_API_KEY']
# Bad - hardcoded
api_key = "wryn_live_1234..." # Never do this!
Use HTTPS
Always use HTTPS for webhooks:
webhook_url = "https://your-app.com/webhook" # Good
webhook_url = "http://your-app.com/webhook" # Bad
Rotate Keys Regularly
# Rotate keys every 90 days
# Create new key
# Update applications
# Delete old key
Monitor Usage
# Check for unusual activity
account = client.get_account()
if account.requests_today > expected_usage * 2:
alert_security_team()
Incident Response
Security Incidents
If you suspect a security issue:
- Email: security@wryn.io
- Include: Description, impact, evidence
- Response time: Within 24 hours
Service Status
Monitor service health:
- Status page: status.wryn.io
- Subscribe to updates
- Historical uptime data
Vulnerability Disclosure
Responsible Disclosure
We welcome security researchers:
- Report vulnerabilities to security@wryn.io
- Allow time for investigation and fix
- Public disclosure after resolution
- Recognition in security page
Bug Bounty
- Rewards for valid vulnerabilities
- Severity-based payouts
- Safe harbor for ethical researchers
Certifications
Current
- PCI DSS Level 1 Service Provider
- Privacy Shield certified
- GDPR compliant
In Progress
- SOC 2 Type II (Q2 2026)
- ISO 27001 (Q3 2026)
Contact
Security questions or concerns:
- Email: security@wryn.io
- PGP Key: Download
- Response: Within 24 hours