Security & trust
Specifics, not marketing adjectives. How ViewPeek protects your monitoring data at every layer.
Encryption
Encrypted in transit
All traffic to viewpeek.com runs over TLS with HSTS preloading. No plaintext fallback is possible.
Encrypted at rest
Your monitor configurations, results, and account data are stored on encrypted disks. Even with physical disk access, the data is unreadable.
Outbound checks via TLS
When ViewPeek's monitors fetch your sites for uptime or sitemap checks, they use modern TLS — and validate the certificate chain along the way.
Hashed credentials
Passwords are hashed; we never log them in plaintext. Recovery is via emailed reset link only.
Authentication
Two-factor authentication
Available on every plan, including Free. Works with Google Authenticator, Authy, 1Password, Bitwarden, and any standard authenticator.
Brute-force protection
Login attempts are rate-limited. Repeated failures lock the account temporarily; every attempt is recorded.
Strong password policy
Minimum 12 characters with mixed case, digits, and symbols. Enforced on registration and password changes.
Single sign-on (SSO)
Standards-compliant SAML on every paid plan. Connect Okta, Microsoft Entra ID, Google Workspace, Keycloak, Auth0, OneLogin.
Auto-provisioning (SCIM)
On every paid plan. Your IdP creates and removes ViewPeek accounts automatically.
Session hardening
Cookies are HttpOnly, Secure, SameSite. CSRF tokens guard every state-changing form. Sessions rotate on login.
Data residency
ViewPeek runs entirely inside the European Union. Your monitor configurations, results, and account data are stored on OVH infrastructure in France — never copied outside the EU, never cached on US infrastructure, never subject to the US CLOUD Act.
Payments are processed by Stripe (Ireland). Sub-processor and retention details are in our privacy policy; for procurement reviews, email contact@dynamic-foundries.com.
GDPR
Account holders can exercise GDPR rights — access, rectification, erasure, portability, objection — by emailing contact@dynamic-foundries.com with the subject "Data Protection Request". We respond within 30 days.
Responsible disclosure
If you've found a security issue, email contact@dynamic-foundries.com with the subject "Security disclosure". We acknowledge reports within 48 hours and aim to ship fixes for high-severity issues within 30 days. Please don't test against accounts other than your own — ask and we'll provision a clean test account.
A French company you can hold accountable
Your data, EU jurisdiction. No CLOUD Act, no transatlantic risk.