Trust & Security
How we protect customer data, who is behind the service, and which sub-processors we share data with.
The legal entity
- Company
- LMTS DEVELOPMENT LTD
- Companies House number
- 17148125
- Director
- Panikkos Panayiotou
- Contact
- hello@cloudbrowserapi.com
- Security contact
- security@cloudbrowserapi.com
- DPO contact
- dpo@cloudbrowserapi.com
- Registered office
- 12-14 Kennington Road, London, SE1 7BL, United Kingdom
The data on this page is the public commercial signal we expose to Google and Yandex for E-E-A-T and commercial-trust ranking factors. See Companies House for the canonical record.
Compliance
| Standard | Status |
|---|---|
| SOC 2 Type II | In audit, expected Q3 |
| GDPR | DPA available on request |
| HIPAA | Available on Enterprise (signed BAA) |
| ISO 27001 | On the roadmap, 2027 |
Sub-processors
We update this list and email customers in advance of any new processor that handles personal data.
| Vendor | Purpose |
|---|---|
| Stripe Payments Europe Ltd. (IE) | Payment processing (planned, not yet active) |
| Bunny.net (SI) | Authoritative DNS, CDN, WAF |
| Cherry Servers UAB (LT) | Bare-metal hosting for the marketing site, dashboard, gateway and mail server (89.124.117.37) |
| Google Ireland Limited (IE) | Google Analytics 4 + Google Tag Manager + Google Ads conversion measurement |
| 2Captcha / CapSolver / AntiCaptcha | CAPTCHA solving rotation (only when ?solve=true is passed) |
| Bright Data / Oxylabs / IPRoyal | Residential proxy rotation (only when &proxy=residential is passed) |
| Let’s Encrypt (ISRG) | TLS certificate issuance for *.cloudbrowserapi.com |
Security practices
- Ephemeral browser containers — destroyed at session end, no persistent disk for customer data unless you explicitly opt in to BYO storage.
- API keys hashed at rest, scoped per environment (test / live), rotateable in the dashboard.
- All traffic over TLS 1.2+; HSTS preloaded; mTLS available on Enterprise.
- Cloudflare WAF in front of the marketing site; Fastify rate-limits in front of the gateway.
- Annual third-party penetration test starting with the first SOC2 Type II window.
- Responsible-disclosure program: security@cloudbrowserapi.com.