Security

How Mirror Trap protects your data and our infrastructure.

Data Isolation

Every customer gets a dedicated VPS. Your honeypot data never touches another customer's environment. Sessions, fingerprints, and logs are stored in isolated PostgreSQL databases.

Encryption

All traffic between your browser and Mirror Trap is encrypted via TLS 1.3. Passwords are hashed using bcrypt. API keys and credentials are stored as environment variables, never in code.

Infrastructure

Mirror Trap runs on Hetzner Cloud in Nuremberg, Germany — EU hosted, GDPR compliant. Servers run Ubuntu with fail2ban, non-root service accounts, and automated security updates.

Authentication

• Bcrypt password hashing
• Rate limiting — 5 failed attempts triggers 15 minute lockout
• Session expiry after 24 hours
• Secure session cookies with HTTPOnly flag

Responsible Disclosure

Found a vulnerability? Please report it to security@mirrortrap.com. We aim to respond within 24 hours and resolve critical issues within 72 hours.

Contact

Security team: security@mirrortrap.com