Enterprise-Grade Security
Your Data,
Protected
TailPDF is built with security at its core. From encryption in transit to isolated rendering environments, your content is protected at every step.
Encryption Everywhere
All data is encrypted in transit using TLS 1.3. API keys are securely hashed and stored. We never log or persist your HTML content.
Isolated Rendering
Each PDF is rendered in an isolated, sandboxed Chrome instance. No cross-tenant data leakage, no shared state between requests.
Zero Persistence
Generated PDFs are never stored. HTML markup storage for rebuilds is optional and can be disabled. Your content stays yours.
Network Isolation
Render workers operate in isolated network environments. External network access is blocked by default to prevent SSRF attacks.
Secure Authentication
Two-factor authentication (2FA) protects your account. API keys are cryptographically generated and can be rotated or revoked instantly.
GDPR Compliant
Fully compliant with UK GDPR and EU data protection regulations. Choose your data residency region: US, EU, or UK.
Infrastructure
Built on secure foundations
TailPDF runs on hardened infrastructure with multiple layers of protection. Our architecture is designed to prevent unauthorized access at every level.
-
DigitalOcean & Hetzner
Hosted on DigitalOcean and Hetzner with isolated networks, firewalls, and encrypted volumes
-
Cloudflare Protection
DDoS protection, WAF, and secure tunnels for all internal communication
-
Secure Tunnels
All communication between API and PDF workers via encrypted Cloudflare tunnels
-
Automated Backups
Daily encrypted backups with point-in-time recovery and geo-redundancy
Status Page
View live system status
British Company
TailPDF is operated by Warm Energy Labs Limited, a company registered in England and Wales (Company No. 14120157). We're subject to UK data protection laws and GDPR.
- UK GDPR compliant
- ICO registered
- VAT registered (GB482750081)
Modern Development
We follow industry best practices for secure software development, with automated testing, code review, and continuous deployment.
- Automated CI/CD pipelines
- Dependency vulnerability scanning
- Infrastructure as code
Security Best Practices
Recommendations for securing your TailPDF integration
Keep API keys secret
Never expose API keys in client-side code or public repositories. Use environment variables and secret management tools. Call TailPDF from your server, not from the browser.
Rotate keys regularly
Generate new API keys periodically and revoke old ones. If you suspect a key has been compromised, rotate it immediately from your dashboard.
Sanitize user input
If your HTML includes user-provided content, sanitize it before sending to TailPDF. This prevents XSS in generated PDFs and protects your end users.
Use PDF password protection
For sensitive documents, enable PDF password protection. Available on Business and Enterprise plans. Encrypt PDFs with user or owner passwords.
Monitor your usage
Review your API logs and usage patterns regularly. Unexpected spikes could indicate compromised credentials. Set up alerts for unusual activity.
Enterprise Security
Need advanced security controls?
Enterprise plans include additional security features for regulated industries and high-security environments.
- Private VPC / VPN ingress
- Custom Data Processing Agreements
- Dedicated infrastructure with zero shared tenancy
- Audit logs and compliance reporting
- On-premises Docker deployment option
{
"encryption": "AES-256-GCM",
"tls_version": "1.3",
"isolation": "container",
"network_access": false,
"data_retention": "transient",
"audit_logging": true
}Report a Vulnerability
Found a security issue? We take all reports seriously and appreciate responsible disclosure.
Please report security vulnerabilities to [email protected]. Include:
- Description of the vulnerability
- Steps to reproduce
- Potential impact
- Any suggested fixes (optional)
We aim to respond to security reports within 24 hours and will keep you updated on our progress.
Build with confidence
Start generating PDFs with enterprise-grade security. No credit card required.