Security & Compliance
Encryption, audit trails, and data sovereignty — built into every layer of OpenModeration.
Encryption at Rest & In Transit
At Rest: AES-256-GCM — all stored content, logs, and credentials encrypted before hitting disk.
In Transit: TLS 1.3 enforced for every API request. No plaintext, no legacy ciphers.
API Keys: Hashed with SHA-256 before storage. We never see your keys in plaintext.
Data Sovereignty
Self-Hosted: Deploy on your own infrastructure. Zero data leaves your network.
No Telemetry: No phone-home, no usage tracking, no analytics beacons.
Air-Gapped: Fully air-gapped deployments supported. No external dependencies required.
Access Control
API Key Auth: Every request authenticated via Bearer token. Scoped permissions per key.
Rate Limits: Granular rate limits configurable per API key — requests/min, concurrency, daily cap.
Instant Revocation: Rotate or revoke any key immediately. Changes propagate in seconds.
Audit Trail
Immutable Logs: Every moderation action, config change, and API call is logged with timestamp, actor, and payload.
Exportable: Export full audit trails as JSON or CSV. Ready for compliance reviews and regulator requests.
Tamper-Proof: Logs are write-once. No modification, no deletion. Append-only storage.
Compliance & Certifications
GDPR: Data processing agreements, right to deletion, data portability. Self-hosting ensures full compliance.
DSA-Ready: Meet EU Digital Services Act requirements. Complete audit trails and transparency reporting.
SOC 2: SOC 2 Type II certification on our roadmap. Infrastructure follows SOC 2 controls today.
Provider Key Security
Encrypted at Rest: OpenAI, Azure, HuggingFace — all provider API keys are AES-256-GCM encrypted in the database.
BYOK: Bring Your Own Keys. You control which provider keys are configured and when they rotate.
No Leakage: Keys are never logged, never returned in API responses, and never sent to third parties.
Data Retention
Configurable: Set retention from 0 to 90 days. 0 means content never stored — pass-through moderation only.
Presets: Quick-select: 0 days (no storage), 7 days, 30 days, or 90 days. Custom durations also supported.
Auto-Purge: Expired data is automatically and permanently deleted. No manual clean-up needed.
Open Source Assurance
Auditable Code: Every line of OpenModeration is open for inspection. No black boxes, no proprietary binaries.
AGPL v3: Licensed under the GNU Affero General Public License v3. Full source access guaranteed.
Community Reviewed: Code is publicly developed, reviewed, and tested. Security vulnerabilities are transparently disclosed.
Trusted by security-conscious teams
OpenModeration is built with security as a first-class concern — not an afterthought. Every architectural decision is made with the assumption that attackers will probe every layer.
Ready to simplify your moderation stack?
Deploy in minutes with Docker or start a free trial. One API for every moderation provider, with no vendor lock-in.