Security Overview

Encryption in transit. All connections to forthwith.dev are served exclusively over HTTPS. HTTP connections are redirected to HTTPS at the infrastructure level. WebSocket connections for the dashboard use WSS.

Database connections. Connections to the database are encrypted with TLS.

Data minimization. We collect only the data necessary to provide the service: account information (email, hashed password), billing metadata, and the text content you submit for translation.

Retention. Translation content (source strings and translated output) is automatically deleted 30 days after job completion or failure. Cancelled and expired jobs are deleted within 24 hours. API authentication tokens are purged on a daily schedule.

Authentication. Users authenticate via email-based magic links or password. Passwords are hashed using bcrypt. Web sessions are stored in signed, encrypted cookies (SameSite=Lax) and expire after a period of inactivity.

API access. The CLI and API authenticate with Bearer tokens. Tokens are independently issued and revocable, and are scoped to an organization.

Administrative access. Internal administrative interfaces require a separate role in addition to standard user authentication.

Hosting. Forthwith runs on Hetzner Online, Inc. infrastructure. The application is deployed as a minimal Docker container running as a non-root user.

Database. PostgreSQL with TLS-encrypted connections.

Background processing. Asynchronous jobs (translation workers, data cleanup, billing reconciliation) run via Oban, a PostgreSQL-backed job queue.

Architecture. The platform is a single Phoenix web application serving both the user-facing dashboard and the translation API.

The following third-party services process data on behalf of Forthwith:

Forthwith is a multi-tenant platform. Customer data is logically isolated by organization: translation jobs, API tokens, and usage records are all scoped to an organization and are inaccessible across organization boundaries.

Translation requests are sent to third-party LLM providers (Anthropic, OpenAI, Google) for processing. Anthropic's API does not use submitted data to train models by default. We do not use customer-submitted content to train our own models.

For OpenAI, the organization-level setting to disable training on API data should be confirmed enabled in the OpenAI dashboard. We recommend reviewing each provider's data usage policy for the most current terms.

Input validation. Translation requests are validated before submission to LLM providers. The system enforces size limits and checks for content patterns that could interfere with prompt integrity.

Output validation. LLM responses are validated against the submitted input before being returned. Checks include placeholder consistency, structure, and completeness.

Security logging. Security-relevant events (input validation failures, output validation failures, suspicious patterns) are logged with structured metadata. Logs contain organization and job identifiers only; actual string content is never logged.

Rate limiting. All API endpoints, authentication flows, and registration paths enforce rate limits per IP address and per organization.

HTTP security headers. Responses include a Content-Security-Policy, X-Content-Type-Options, Referrer-Policy, and frame-ancestors: none to prevent clickjacking. CSRF protection is enforced on all browser-based requests.

Webhook verification. Incoming Stripe webhooks are verified using HMAC signature validation before processing.

We monitor for security issues and respond promptly to incidents affecting service availability or data integrity.

To report a security vulnerability or ask about our security practices, contact us at support@forthwith.dev.