Security at 10-DLC.com

Security is built into every layer of our platform. From the moment you create an account to the second your campaign goes live, your data is protected by industry-standard safeguards designed for enterprise workloads.

We follow the principle of least privilege, encrypt everything we can, and continuously monitor our systems for threats. Our goal is simple: you should never have to worry about the safety of the information you entrust to us.

Our platform runs on Amazon Web Services (AWS), leveraging their world-class physical security, redundancy, and compliance certifications. Key infrastructure practices include:

• Isolated environments — Production, staging, and development systems are fully separated with independent credentials.
• Network segmentation — Databases and internal services are not accessible from the public internet. Only authorized application servers can reach them.
• Automated patching — Operating systems and dependencies are kept up to date with security patches applied regularly.
• DDoS protection — Our infrastructure includes built-in protection against distributed denial-of-service attacks.

We enforce strict access controls so that only the right people can see the right data:

• Role-based access (RBAC) — Every user is assigned a role with specific permissions. Brand users can only see their own data; administrators have defined, auditable access levels.
• Audit logging — All significant actions — logins, data changes, permission updates — are recorded in an immutable audit log for review and compliance.
• Session management — Sessions expire after a period of inactivity, and tokens are rotated regularly to limit the window of exposure.
• Multi-factor authentication — MFA is available for all accounts and recommended for administrators and users handling sensitive data.

We maintain policies and controls aligned with recognized security frameworks:

• SOC 2 readiness — Our controls are designed around the SOC 2 Trust Services Criteria for security, availability, and confidentiality.
• Data handling policies — We maintain documented policies for data classification, handling, and disposal that cover every stage of the data lifecycle.
• Vendor security reviews — Third-party services we integrate with are evaluated for their security posture before adoption and reviewed regularly.

We retain your data only as long as it is needed to provide our services or as required by law:

• Active account data is retained for the duration of your subscription.
• After account deletion, personal data is purged from production systems within 30 days.
• Backups containing deleted data are rotated out within 90 days.
• Audit logs are retained for a minimum of 12 months for compliance purposes.
• You can request a full data export or deletion at any time by contacting our support team.

Despite our best efforts, no system is immune to every threat. We maintain a documented incident response plan so that if something does happen, we act quickly and transparently:

1. Detection — Automated monitoring and alerting detect anomalies in real time.
2. Containment — Affected systems are isolated immediately to prevent further impact.
3. Investigation — Our team determines the scope, root cause, and impact of the incident.
4. Notification — Affected customers are notified promptly with clear details about what happened and what we are doing about it.
5. Remediation — We fix the root cause, harden our defenses, and publish a post-incident review when appropriate.

If you have questions about our security practices or need to report a vulnerability, we want to hear from you:

We acknowledge all security reports within 24 hours and provide regular updates until the issue is resolved.