Security at CNF
Our Commitment
Security is at the core of everything we build. CNF is dedicated to protecting our users' data and infrastructure with industry-leading security practices and technologies.
Infrastructure Security
- AES-256 Encryption — All data is encrypted at rest and in transit using AES-256, the same standard trusted by governments worldwide
- End-to-End Encryption — Communications between users and our services are fully encrypted end-to-end
- DDoS Protection — Enterprise-grade mitigation across our global network
- Web Application Firewall — Real-time threat detection and blocking
- Network Segmentation — Isolated environments prevent lateral movement
Authentication & Access
- Multi-Factor Authentication — TOTP and email-based 2FA for all accounts
- Passkey Support — FIDO2/WebAuthn passwordless authentication
- Argon2id Hashing — Passwords are hashed with Argon2id, the most secure hashing algorithm available
- Session Management — Rolling sessions with automatic timeout and secure cookie configuration
Compliance & Certifications
| Standard | Status |
|---|---|
| ISO 27001:2013 | Compliant |
| SOC 2 Type II | Compliant |
| PCI DSS Level 1 | Compliant |
| GDPR | Compliant |
| CCPA | Compliant |
Responsible Disclosure
We take security vulnerabilities seriously. If you discover a potential security issue, we encourage you to report it responsibly.
- Email your findings to [email protected]
- Include detailed steps to reproduce the vulnerability
- Allow reasonable time for us to investigate and address the issue
- Do not access or modify other users' data
We appreciate the security research community and will acknowledge valid reports.
Contact
Security concerns: [email protected]
General support: support.c.nf
Privacy inquiries: [email protected]