Security Policy

Your API key is a credential equivalent to a password for your account. Treat it accordingly:

• —Never commit an API key to a public repository. Use environment variables or a secrets manager.
• —Never share your API key with third parties or include it in client-side code.
• —Rotate your key immediately if you suspect it has been exposed.
• —Report suspected compromise to [email protected] without delay.

We will never ask for your API key by email, Slack, or any other channel. If you receive such a request, report it to [email protected] immediately.

We operate a responsible disclosure policy. If you discover a security vulnerability in the Law4Devs API, dashboard, or any other service we operate, we ask you to report it to us before disclosing it publicly.

We commit to not taking legal action against researchers who report vulnerabilities in good faith, provide reasonable time for remediation before publication, and do not access or modify data beyond what is necessary to demonstrate the issue.

The Law4Devs API does not require you to transmit personal data to query regulatory frameworks. Query parameters such as product type, sector, or company size are used solely to filter results and are not retained beyond the request lifecycle.

Account-level data (email address, billing information, API usage logs) is handled in accordance with our Privacy Policy. If you process personal data through your integration, our Data Processing Agreement is available for Pro and Scale tier customers.

In the event of a security incident affecting customer data or API availability, we will notify affected customers within 72 hours of becoming aware of the incident, in accordance with GDPR Article 33.

Notifications will be sent to the email address associated with your account. Ensure your account email is current and monitored. You can update it at any time from your dashboard.

For general security questions, contact [email protected].