Security Overview
How GateKeeper protects your site and your users.
Security-First Design
GateKeeper is built with security at every layer. We combine advanced bot detection, cryptographic challenges, and multi-layered verification to protect your site while keeping your data safe and under your control.
Our Approach
GateKeeper uses a multi-layered approach to bot detection that goes far beyond traditional CAPTCHAs. Our system analyzes behavioral patterns, environmental signals, and timing characteristics to distinguish real users from automated threats, including the latest generation of AI agents.
Every verification request passes through cryptographic proof-of-work challenges that make automated attacks computationally expensive, while remaining seamless for legitimate users. Our adaptive difficulty system continuously adjusts challenge complexity based on real-time threat assessment.
User interaction data is processed entirely on the client side. Only aggregated risk scores are transmitted to our servers, ensuring that raw behavioral data is never collected or stored.
Data Protection
We apply industry-standard encryption for all data at rest and in transit. Passwords are protected using modern, secure hashing algorithms. Our systems undergo regular security assessments to identify and address potential vulnerabilities.
Encryption
Industry-standard encryption at rest and in transit for all customer data and system communications.
Privacy by Design
No tracking cookies, no persistent fingerprinting. Behavioral data is processed in real-time on the client and not stored.
Data Residency
All GateKeeper infrastructure is hosted in Riyadh, Saudi Arabia. Your data never leaves the Kingdom. This ensures full compliance with Saudi data residency requirements and the Personal Data Protection Law (PDPL).
- All data processing and storage occurs within Saudi Arabia
- Virtual Cloud Network with private subnets and least-privilege access
- Web Application Firewall for DDoS protection
- No public network access to data stores
Compliance
| Standard | Status |
|---|---|
| PDPL (Saudi Personal Data Protection Law) | Compliant |
| WCAG 2.2 AA (Accessibility) | Compliant |
| SAMA Cyber Security Framework | Aligned |
| NCA Essential Cybersecurity Controls | Aligned |
Data Retention
We retain data only as long as necessary for its intended purpose. Audit logs are retained for 365 days. Verification data is processed in real-time and not stored beyond the active session. Full details on our data retention periods are available in our Privacy Policy.
Incident Response
We maintain a structured incident response process to detect, contain, and resolve security incidents swiftly.
- Detection: Continuous automated monitoring and alerting for anomalous activity.
- Containment: Rapid isolation of affected systems to prevent further impact.
- Investigation: Root cause analysis to determine scope and origin of the incident.
- Remediation: Fixing vulnerabilities and restoring normal service operations.
- Notification: Affected users are informed within 72 hours, in compliance with PDPL requirements.
- Post-Incident Review: Lessons learned are documented and procedures are updated.
Vulnerability Reporting
If you discover a security vulnerability, we encourage responsible disclosure. Please report it to our security team so we can address it promptly.
Security Team: security@gatekeeper.sa
Please include detailed steps to reproduce the vulnerability. We respond to all reports within 48 hours and will work with you to resolve the issue.
Contact
For security-related inquiries:
Security Team: security@gatekeeper.sa
General Inquiries: support@gatekeeper.sa
Location: Riyadh, Saudi Arabia