Security

How we keep USDConverter.com safe and secure

HTTPS Encryption

All connections to USDConverter.com are encrypted using TLS 1.3 (HTTPS), so data transmitted between your browser and our servers cannot be read by third parties in transit. We enforce HTTPS via HSTS (HTTP Strict Transport Security) headers.

No Personal Data Collection

USDConverter.com does not collect, store, or process personal data. We do not require user accounts, logins, or registration. No names, emails, passwords, or financial information are stored on our servers. All user preferences are saved locally in your browser using localStorage.

API Security

Our public API endpoint follows security best practices:

  • Rate limiting to prevent abuse and DDoS attacks
  • CORS headers configured to prevent unauthorized cross-origin requests
  • Input validation and sanitization on all API parameters
  • No sensitive data exposed through API responses
  • Server-side rate data caching to minimize external API calls

Infrastructure Security

Our infrastructure follows modern security practices:

  • Hosted on secure, enterprise-grade infrastructure
  • Regular security updates and patch management
  • DDoS protection and Web Application Firewall (WAF)
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • X-Frame-Options to prevent clickjacking
  • Automated monitoring and alerting for anomalies

Security Headers

We implement the following security headers on all responses:

  • Strict-Transport-Security: max-age=31536000; includeSubDomains
  • X-Content-Type-Options: nosniff
  • X-Frame-Options: DENY
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: camera=(), microphone=(), geolocation=()
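
One way to check a response against the header values listed above. This is an added example, not USDConverter.com's own code: the function names are hypothetical and both sample responses are constructed rather than captured from the site.

```python
EXPECTED = {  # exact values from the list above, keyed by lower-cased name
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "camera=(), microphone=(), geolocation=()",
}
MIN_HSTS_AGE = 31536000  # max-age stated on the page (one year, in seconds)

def parse_headers(raw):
    """Parse 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def normalize(value):
    return "".join(value.lower().split())  # ignore case and whitespace

def check_hsts(value):
    """Return problems found in a Strict-Transport-Security value."""
    directives = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        directives[key.strip().lower()] = val.strip().strip('"')
    problems = []
    age = directives.get("max-age", "")
    if not age.isdigit() or int(age) < MIN_HSTS_AGE:
        problems.append("strict-transport-security: max-age too low")
    if "includesubdomains" not in directives:
        problems.append("strict-transport-security: includeSubDomains missing")
    return problems

def audit(raw):
    """Return sorted findings; an empty list means the headers match."""
    headers = parse_headers(raw)
    hsts = headers.get("strict-transport-security")
    findings = check_hsts(hsts) if hsts else ["strict-transport-security: missing"]
    for name, want in EXPECTED.items():
        got = headers.get(name)
        if got is None:
            findings.append(name + ": missing")
        elif normalize(got) != normalize(want):
            findings.append(name + ": unexpected value " + repr(got))
    return sorted(findings)

# Constructed sample responses (not captured from the site)
GOOD = "Strict-Transport-Security: max-age=31536000; includeSubDomains\n" + "\n".join(k + ": " + v for k, v in EXPECTED.items())
WEAK = "strict-transport-security: max-age=3600\nX-Frame-Options: SAMEORIGIN\nX-Content-Type-Options: nosniff"
```

Calling audit(GOOD) returns an empty list, while audit(WEAK) reports the short HSTS lifetime, the missing includeSubDomains directive, the relaxed X-Frame-Options value and the two absent headers.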

Third-Party Services

We use a minimal number of third-party services, all of which are well-established and security-audited: ExchangeRate API for exchange rate data and CoinGecko API for cryptocurrency prices. These are accessed server-side, meaning your browser never communicates directly with these services.

Responsible Disclosure

If you discover a security vulnerability in USDConverter.com, we encourage responsible disclosure. Please report it to us so we can address it promptly.

Email: contact@usdconverter.com

When reporting a vulnerability, please include:

  • A description of the vulnerability
  • Steps to reproduce the issue
  • The potential impact
  • Any suggested fixes (optional)

We will acknowledge receipt within 48 hours and provide an initial assessment within 5 business days. We will not take legal action against researchers who report vulnerabilities responsibly.

Open Source Dependencies

We regularly audit our open-source dependencies for known vulnerabilities using automated security scanning. Critical vulnerabilities are patched within 24 hours of disclosure.