routermcp
Security

Our approach to protecting your data

RouterMCP is built and operated by the RouterMCP team. We design for secure defaults, defense‑in‑depth, and least privilege across product, platform, and operations.

TLS in transitEncryption at restRBACAudit logsSecrets isolationSLA support (Enterprise)

Data Protection

All endpoints enforce TLS. Data is encrypted at rest where supported by our providers.

  • TLS for all traffic
  • At‑rest encryption for storage
  • Key/secret rotation procedures

Access Controls

  • Project and environment isolation
  • Role‑based access (RBAC)
  • Per‑tool enablement and defaults

Policies & Guardrails

  • Rate limits and timeouts
  • IP allowlists
  • Request size and concurrency controls

Audit & Observability

  • Structured logs with latency and errors
  • Export to your SIEM (Enterprise)
  • Project‑level dashboards

Vulnerability Management

We regularly update dependencies and address high‑severity issues promptly.

  • Automated scanning and patching cadence
  • Dependency updates and review

Responsible Disclosure

Found a vulnerability? Please report it responsibly so we can investigate and remediate. Contact us via the Contact page.

Incident Response

  • Triage, containment, remediation, and post‑incident review
  • Customer notification consistent with legal/contractual obligations
  • Root‑cause analysis and follow‑up actions

Enterprise Options

SSO/SAML, SCIM, SIEM exports, and SLAs are available for Enterprise. See Enterprise for details.

Learn moreContact sales

Effective date: October 3, 2025