Deepmox

Security

How Deepmox protects accounts, sessions, billing, media and data with engineering and operational controls, and the rules it sets for responsible reporting.

Last updated: June 17, 2026

Security approach

Deepmox uses layered administrative, technical and operational controls designed to protect accounts, learning data, subscriptions and platform availability. No system can be guaranteed to be completely secure, and this page describes current practices rather than a warranty or absolute commitment.

Account security

Users are responsible for keeping account credentials secure, using trusted devices and promptly reporting suspected unauthorized access. Deepmox limits active sessions to three devices, may revoke older sessions to protect the account, and provides account data export and deletion controls for signed-in users.

Engineering controls

Deepmox uses signed HTTP-only session cookies, a signed device cookie, hashed credentials, hashed one-time tokens, a three-device session limit, automatic oldest-device eviction, Cloudflare Turnstile captcha and KV-backed rate limits on high-risk paths to reduce account takeover and automated abuse risk.

Operational controls

Cloudflare edge protections, KV-backed rate limits on high-risk paths, signed private media URLs, private media streaming through short-lived Worker tokens, queue dead-letter handling, audit logs and D1 backup workflows help protect the platform from abuse, unauthorized access and data loss.

Payments and providers

Deepmox does not ask users to send full payment card details to Deepmox support. Subscription payment processing is handled by authorized billing providers. Provider security controls and availability are governed by their own terms and operations.

Responsible reporting

Send suspected vulnerabilities or security concerns to support@deepmox.com with enough detail to reproduce the issue. Do not run automated scans, denial-of-service tests, social engineering, spam, credential attacks, data exfiltration, destructive actions or tests against accounts or data you do not own. Reports that violate these rules may result in account suspension or legal action.

Incident response

When Deepmox confirms a security issue, we prioritize containment, remediation, investigation and legally required notices. We may rotate credentials, revoke sessions, restrict risky features or suspend suspicious accounts to protect the service.

Contact: support@deepmox.com