Security
How we protect your data. Addrex is designed with security and privacy as core requirements, not afterthoughts.
Encryption in transit
All API communications are encrypted using TLS 1.2+. We enforce HTTPS on all endpoints with no fallback to unencrypted connections.
Encryption at rest
Stored data, including batch files and account information, is encrypted at rest using AES-256.
API key authentication
Access is controlled via secure, revocable API keys. Keys are hashed and never stored in plaintext. You can rotate or revoke keys instantly from your dashboard.
Redacted logging
PII is excluded from application logs by default. We log request metadata (timestamps, status codes, latencies) without recording the content of your address queries.
Configurable data retention
For real-time API calls, address data is not retained beyond the request. For batch files, retention defaults to 7 days and can be shortened or set to immediate deletion.
Infrastructure security
Our infrastructure runs on SOC 2 compliant cloud providers with network isolation, access controls, and regular vulnerability scanning.
Responsible disclosure
If you discover a security vulnerability in our service, we appreciate your help in disclosing it responsibly. Please email security@addrex.io with details of the vulnerability.
We ask that you give us reasonable time to investigate and address the issue before making any public disclosure. We will not take legal action against researchers who act in good faith.
Compliance & certifications
Addrex does not claim USPS DPV or CASS certification. We perform reference validation against our national dataset and are transparent about our approach.
Our infrastructure providers maintain SOC 2 Type II compliance. We are working toward our own SOC 2 certification and will update this page when available.
Questions about our security practices? Contact us at our contact page or email security@addrex.io.