Security & Trust

How Whois JSON API protects customer data, API access, and service reliability.

Transport Security

The public website, dashboard, and APIs are served over HTTPS. API customers should send credentials with the Authorization: Bearer header and keep tokens out of URLs, browser code, and logs.

Access Control

Customer accounts and API tokens are used to control access to paid API functionality. Internal access to production systems is limited to personnel who need it to operate, secure, and support the service.

Data Practices

We process customer data to provide, secure, support, maintain, and improve the service. We do not sell customer data or use customer data for unrelated advertising purposes.

Infrastructure

The service may use hosting, CDN, DDoS protection, payment, email, logging, and monitoring providers to operate reliably. Subprocessor information is described in the DPA and Privacy Policy.

Incident Response

We investigate suspected security incidents, take steps to contain and remediate confirmed issues, and provide notices required by applicable law or customer agreements.

Availability

We aim for 99.9% uptime for paid API plans. Enterprise plans may include SLA-backed commitments and service credits under a separate written agreement. Current service health is available on the status page.

Report a Security Issue

Send suspected vulnerabilities, exposed credentials, or abuse reports to [email protected]. Include enough detail for us to reproduce or investigate the issue.