SECURITY
RAW is built on the premise that your infrastructure is yours. We secure the platform. You control the servers. No compromises.
🛡️ INFRASTRUCTURE SECURITY
Enterprise-grade infrastructure, zero complexity.
Every RAW server runs on Hetzner bare metal in Tier III+ datacenters across Europe, the US, and Singapore. Physical security, network protection, and environmental controls are maintained to the highest international standards.
DDoS Protection
All servers are protected by Hetzner's built-in DDoS mitigation system, which automatically detects and filters volumetric attacks at the network edge before they reach your infrastructure.
Cloud Firewall
Hetzner Cloud Firewall provides stateful packet filtering at the hypervisor level. Define inbound and outbound rules per server or apply them across your fleet.
Network Isolation
Each server is provisioned in its own isolated network segment. No shared tenancy, no noisy neighbors, no cross-customer traffic. Your network is yours alone.
Physical Security
Hetzner datacenters are ISO 27001 and SOC 2 certified with 24/7 on-site security, biometric access controls, CCTV monitoring, and redundant power and cooling systems.
🔒 DATA SECURITY
Your data. Your rules. We don't look.
RAW takes a fundamentally different approach to data security. We give you full root access to your servers and we never inspect, monitor, or log your traffic. What happens on your server stays on your server.
Encryption at Rest
All servers use enterprise NVMe drives. Data stored on disk is protected by hardware-level encryption. When a server is decommissioned, drives are securely wiped following NIST 800-88 guidelines.
Encryption in Transit
All connections to the RAW platform use TLS 1.3 with modern cipher suites. API traffic, dashboard access, and server provisioning are encrypted end-to-end. We enforce HTTPS everywhere — no exceptions.
No Egress Monitoring
Unlike traditional cloud providers, RAW does not inspect, log, or throttle your outbound traffic. We don't run deep packet inspection. We don't monitor your bandwidth usage patterns. Your traffic is private.
Full Root Access
You get full root access to every server. No agents pre-installed, no monitoring software, no phone-home daemons. You decide what runs on your machine. Your server, your rules.
🛡️ COMPLIANCE
Certified infrastructure. Audited processes.
RAW's infrastructure providers maintain rigorous compliance certifications. All servers run in EU datacenters, ensuring your data stays within jurisdictions with the strongest privacy protections.
GDPR Compliant
All datacenters are located in the European Union. Data processing agreements are in place with all sub-processors. You retain full control over your data and can request deletion at any time.
ISO 27001 Certified
Hetzner's datacenters are ISO 27001 certified, the international standard for information security management systems covering risk assessment, access control, and operational security.
SOC 2 Type II
Hetzner maintains SOC 2 Type II compliance, independently audited for security, availability, and confidentiality controls over a sustained period.
PCI DSS Compliant
Infrastructure meets PCI DSS requirements for hosting payment-processing workloads. Network segmentation, access controls, and encryption standards are maintained at the datacenter level.
🔒 ACCOUNT SECURITY
Secure by default. No shortcuts.
Your RAW account is protected by modern authentication standards. Every layer — from password storage to API access — follows current best practices.
Secure Authentication
Passwords are hashed with bcrypt using adaptive cost factors. We never store plaintext credentials. OAuth 2.0 login via Google and GitHub is supported with PKCE flow for additional security.
API Token Authentication
All API requests are authenticated with Bearer tokens generated using cryptographic randomness. Tokens can be revoked instantly. Root passwords are displayed once at deploy time and never stored by RAW.
Session Management
Sessions are managed with secure, HTTP-only cookies with strict SameSite policies. Inactive sessions expire automatically. You can revoke all active sessions from your account settings at any time.
🛡️ VULNERABILITY DISCLOSURE
Found something? Tell us.
We take security vulnerabilities seriously. If you discover a potential security issue in RAW's platform, we want to hear from you. We follow a responsible disclosure process and appreciate the security community's help keeping RAW safe.
Responsible Disclosure Policy
- Please provide detailed reproduction steps when possible
- Allow us reasonable time to investigate and fix issues before public disclosure
- Do not access, modify, or delete data belonging to other users
- Do not degrade the performance or availability of our services during testing
- We will not pursue legal action against researchers acting in good faith