Security

Review-gated findings

Automated scans produce raw findings, but nothing is shown to you until a person has reviewed it. This keeps noisy or low-confidence matches out of your dashboard and protects you from acting on something that isn't actually relevant.

Password hashing

Passwords are never stored in plain text. We use one-way, industry-standard password hashing — even our own team cannot see your password. Password resets and changes go through a secure, single-use, time-limited link flow rather than emailing or displaying any password.

Private configuration, kept separate

Database credentials, API keys, and mail settings live in a private configuration file that is kept out of our source code repository entirely — it's never committed, never bundled with deployments of the codebase itself, and never printed in logs or error messages.

Billing handled by Stripe

Payment processing is handled by Stripe. We don't store full card numbers, and webhook events are verified with a signing secret before we trust them.

Email notification boundaries

Notification emails are sent only for account events you'd expect — reviewed findings (if you've opted in) and security events like password resets. We don't send marketing email blasts from your monitoring data.

No customer-visible unreviewed findings

Findings default to "needs review" and are not visible to customers until an admin marks them reviewed and visible. This is enforced at the database and application layer, not just in the interface — there is no path that skips review.

No raw scanner data exposed

Customers never see raw scanner output, internal scanner paths, or unreviewed evidence. What appears in your dashboard, reports, and emails is always sanitized and organized by a person first — never a direct feed from the monitoring system itself.

Controlled, opt-in customer alerts

You decide whether you receive email alerts for reviewed findings — that preference lives on your account page and is respected every time. Alerts are only ever sent after a finding has been reviewed and approved for your visibility, never before.

Responsible disclosure

If you believe you've found a security issue with DMCA WatchDog, please email [email protected] with details. We appreciate reports made in good faith and will work with you to understand and address the issue.

DMCA WatchDog provides monitoring and operational takedown support. This is not legal advice. This page describes our operational practices in plain language and is not a certification or compliance attestation.