Security & Trust
eFile CPSC stores your CPSC eFiling credentials and your compliance records, so we hold ourselves to a high security bar. This page describes how the Service is protected. Questions or security concerns? Contact us.
Infrastructure
The Service runs entirely on Cloudflare's global edge platform — serverless compute, managed database, and private object storage — with data processed and stored in the United States. There are no self-managed servers to patch, and every request is served over HTTPS with HSTS enforced.
Encryption
- In transit: TLS for all connections, including our connections to the CPSC eFiling API.
- At rest: storage-level encryption across database and object storage.
- CPSC credentials: encrypted with AES-256-GCM using keys cryptographically bound to your company. A credential encrypted for one company is unusable for any other. Even our own platform tools cannot decrypt credentials outside the filing path.
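The page does not say how a key is bound to a company. As an added example (not the Service's own code), here is one common construction: a per-company AES-256-GCM key derived with HKDF from a master key, with the company id also authenticated as GCM associated data. The function names, the `company-a`/`company-b` ids, the HKDF label and the master key are assumptions constructed for the demo.

```javascript
// Added illustration: per-company key derivation plus AAD binding (assumed design).
const { createCipheriv, createDecipheriv, hkdfSync, randomBytes } = require('node:crypto');

// Constructed master key for the demo; a real deployment would load it from a secret store.
const MASTER_KEY = randomBytes(32);

// Derive a distinct 256-bit key per company with HKDF-SHA-256 (label is hypothetical).
function companyKey(masterKey, companyId) {
  const info = Buffer.from(`credential-key:${companyId}`, 'utf8');
  return Buffer.from(hkdfSync('sha256', masterKey, Buffer.alloc(0), info, 32));
}

// Encrypt a credential; the company id is also passed as AAD so it is authenticated.
function sealCredential(masterKey, companyId, plaintext) {
  const iv = randomBytes(12); // fresh 96-bit nonce for every encryption
  const cipher = createCipheriv('aes-256-gcm', companyKey(masterKey, companyId), iv);
  cipher.setAAD(Buffer.from(companyId, 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt for a given company; throws if the key, AAD, ciphertext or tag does not match.
function openCredential(masterKey, companyId, { iv, ct, tag }) {
  const decipher = createDecipheriv('aes-256-gcm', companyKey(masterKey, companyId), iv);
  decipher.setAAD(Buffer.from(companyId, 'utf8'));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// True when GCM authentication refuses the record for this company.
function isRejected(masterKey, companyId, sealed) {
  try {
    openCredential(masterKey, companyId, sealed);
    return false;
  } catch {
    return true;
  }
}

// Constructed sample credential, sealed for company-a.
const sealed = sealCredential(MASTER_KEY, 'company-a', 'constructed-api-token');
console.log('company-a opens it:', openCredential(MASTER_KEY, 'company-a', sealed));
console.log('company-b rejected:', isRejected(MASTER_KEY, 'company-b', sealed));
```

In this construction, a row copied into another company's scope fails authentication instead of decrypting, because both the derived key and the associated data differ.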
Tenant isolation
The Service is multi-tenant by design, and isolation is enforced in code, not by convention: every database query is automatically scoped to your company, requests that attempt to specify another company are rejected, and a continuous-integration gate blocks any code change that bypasses the scoped data layer. Isolation is verified by an automated test suite that runs against the live service.
Account security
- Mandatory two-factor authentication — every account must enroll an authenticator app; 2FA cannot be turned off.
- One-time backup codes for recovery, with self-service regeneration.
- Brute-force protection — automatic lockouts per account and per IP address.
- Revocable sessions — signed, HttpOnly session cookies that can be revoked server-side at any time.
Staff access
Our staff have no standing access to your data. Support access requires an explicit, time-limited session (30 minutes) and every administrative action is recorded in an audit log.
Sub-processors
We use a small number of vendors to run the Service. Each processes data only to provide its service to us:
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, compute, database, and file storage | United States |
| Resend, Inc. | Transactional email (account and security notices) | United States |
We will update this list before adding a new sub-processor. Data is also transmitted to the U.S. Consumer Product Safety Commission and to the customs broker your company designates — at your direction, as recipients you choose, not as our sub-processors.
International data transfers
The Service is operated from and hosted in the United States. If you use it from outside the U.S., your data is transferred to and processed in the U.S. Where applicable data-protection law requires safeguards for such transfers (for example, for customers in the EEA, UK, or Switzerland), we will put appropriate measures in place, such as standard contractual clauses, as part of your company's agreement with us. See our Privacy Policy for details.
Responsible disclosure
We welcome reports from security researchers. If you believe you've found a vulnerability, contact us with enough detail to reproduce it. We will acknowledge your report promptly, investigate, and keep you informed. We ask that you do not access data that isn't yours, degrade the Service, or disclose the issue publicly before we've had a reasonable opportunity to fix it. We will not pursue legal action against good-faith research conducted within these guidelines.
Availability
The Service is built on globally redundant infrastructure with no single server to fail. Uptime commitments (SLAs) for enterprise customers are available as part of a signed agreement — talk to us.