Security.

Your data and account are protected with multiple layers of security. Here's exactly how.

2FA & brute-force protection
SOC 2 & ISO 27001 infra
GDPR compliant

At a glance

  • Passwords are stored hashed (bcrypt) and never kept in plain text.
  • Optional two-factor authentication (2FA) with TOTP and backup codes.
  • CAPTCHA and disposable email blocking protect against automated registrations.
  • Payment data is handled exclusively by PayPal — not stored on our servers.
  • Infrastructure is SOC 2 Type II and ISO 27001 certified via Abacus.AI.

Application security

Two-factor authentication (2FA)

Optional time-based one-time password (TOTP) authentication with backup codes. The TOTP secrets are stored encrypted with AES-256-GCM, so a database read alone does not yield usable secrets.

Brute-force & lockout protection

Login, registration and 2FA endpoints are rate limited. After 20 or more failed attempts the account is temporarily locked and a warning email is sent to its owner.
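The lockout logic above, as an added example that is not the project's own code: a per-account failure counter that locks the account after a threshold, consults the lock before the password is ever compared (so a locked account costs the attacker nothing and the server no bcrypt work), resets on success, and fires a hook on lock where the warning email would be queued. The 20-attempt threshold is the figure on this page; the 15-minute lock duration, the in-memory store and the helper names are assumptions, and a multi-instance deployment would keep the counters in Redis or the database instead.

```javascript
// Added example (not the project's code): failed-login tracking with a
// temporary lock. Assumptions: 20 failures (from this page), 15-minute lock,
// in-memory Map; `now` and `onLock` are injectable for testing.
class LoginGuard {
  constructor({ maxFailures = 20, lockMs = 15 * 60 * 1000,
                now = () => Date.now(), onLock = () => {} } = {}) {
    this.maxFailures = maxFailures;
    this.lockMs = lockMs;
    this.now = now;
    this.onLock = onLock;
    this.state = new Map(); // accountId -> { failures, lockedUntil }
  }

  _get(id) {
    if (!this.state.has(id)) this.state.set(id, { failures: 0, lockedUntil: 0 });
    return this.state.get(id);
  }

  // Call BEFORE comparing the password. Returns false while the lock holds,
  // so a locked account never reaches the (expensive) hash comparison.
  canAttempt(id) {
    const s = this._get(id);
    if (s.lockedUntil > this.now()) return false;
    if (s.lockedUntil) { s.failures = 0; s.lockedUntil = 0; } // lock expired: fresh window
    return true;
  }

  // Count a failure; lock and notify when the threshold is reached.
  recordFailure(id) {
    const s = this._get(id);
    s.failures += 1;
    if (s.failures >= this.maxFailures) {
      s.lockedUntil = this.now() + this.lockMs;
      this.onLock(id, s.lockedUntil); // e.g. enqueue the warning email here
      return { locked: true, until: s.lockedUntil };
    }
    return { locked: false, remaining: this.maxFailures - s.failures };
  }

  // A successful login clears the counter entirely.
  recordSuccess(id) { this.state.delete(id); }
}

// Glue that keeps the order right: guard first, hash compare second, bookkeeping last.
// `checkPassword` is an assumed async callback such as bcrypt.compare bound to the stored hash.
async function attemptLogin(guard, id, password, checkPassword) {
  if (!guard.canAttempt(id)) return 'locked';
  if (await checkPassword(password)) { guard.recordSuccess(id); return 'ok'; }
  return guard.recordFailure(id).locked ? 'locked' : 'invalid';
}

module.exports = { LoginGuard, attemptLogin };
```

Two details matter beyond the counter itself: the lock is checked before the password comparison, and the response for a locked account is the same whether or not the password was correct, so the lock cannot be used as an oracle.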

Password security

Passwords are hashed with bcrypt (cost factor 12). We enforce minimum length and complexity requirements.

CAPTCHA & anti-spam

Registration is protected with Google reCAPTCHA v3 (invisible, score-based). Disposable email addresses are automatically blocked.

Role-based access control

Role-based access control (RBAC) strictly separates user and admin permissions. Admin routes additionally enforce an idle timeout.

Audit trail

All account actions (logins, changes, deletions) are logged with timestamps and IP addresses.

Device detection

When you log in from a new device or IP address, you automatically receive an email alert.

Session management

JWT session tokens that can be invalidated server-side, SameSite cookies and CSRF protection via NextAuth. Admin sessions expire after 24 hours of inactivity.


Infrastructure & compliance

ForgetLess Transcriber runs on Abacus.AI infrastructure, a platform with the following certifications and security measures:

  • SOC 2 Type II and ISO 27001 certified
  • AES-256 encryption at rest, TLS 1.2+ for data in transit
  • Hosted on AWS/Azure/GCP data centers with 24/7 physical security
  • Web Application Firewall (WAF) and Intrusion Prevention System (IPS)
  • DDoS protection through specialized mitigation services
  • Logical data separation per customer in the database

View the full security overview at abacus.ai/security.


Payment security

All payments are processed by PayPal. We store no payment information on our servers. PayPal is PCI DSS Level 1 certified and offers buyer protection on all transactions.


Privacy & data protection

We follow GDPR (General Data Protection Regulation) principles and offer:

  • Data export: download all your data as JSON from your account
  • Account deletion: full deletion with anonymization of personal data
  • Data minimization: we only collect what is necessary for the service

Read our full privacy policy on the privacy page.

Security headers

All pages are served with comprehensive security headers:

Content-Security-Policy
Strict-Transport-Security (HSTS)
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin
X-Frame-Options: SAMEORIGIN
Permissions-Policy (restricting camera, microphone and geolocation)

Report a security issue?

Found a security issue or vulnerability? Contact us at [email protected]. We take every report seriously and respond within 48 hours.

Last updated: April 2026

Still have questions about our privacy or security?
We're happy to help. Email us at [email protected].