Map

Protect your users from stolen credentials

Castle detects and mitigates account takeover in web and mobile apps

No credit card required
Nice! We've sent you an email with a confirmation link.
Oops! Try again

Put account security on autopilot

Track events in your web and mobile apps. We analyze device, location and usage patterns to make sure they are consistent for each user.

Feature 1@2x

Integrate in minutes

Get up and running by simply adding a snippet of code. It’s as easy as installing Google Analytics.

Feature 3@2x

Self-learning risk models

Machine learning that stops account takeovers from day one and evolves over time to reduce false positives.

Feature computer@2x

Automate manual work

Only clearly malicious activity alerts your team. Authentication APIs lets your users resolve the rest.

Real-time security analytics

Get complete visibility into your users’ devices and access patterns. Drill down into individual sessions to see who is using Tor or hopping between locations.

Dashboard

As easy to integrate as any analytics API

We've tailored Castle to make developers feel right at home.

JavaScript snippet

Include the snippet on all your pages. Call identify when the user is logged in. The snippet improves device recognition, but is optional.

<script type="text/javascript">
  (function(e,t,n,r){function i(e,n){e=t.createElement("script");e.async=1;e.src=r;n=t.getElementsByTagName("script")[0];n.parentNode.insertBefore(e,n)}e[n]=e[n]||function(){(e[n].q=e[n].q||[]).push(arguments)};e.attachEvent?e.attachEvent("onload",i):e.addEventListener("load",i,false)})(window,document,"_castle","//d2t77mnxyo7adj.cloudfront.net/v1/c.js")
  _castle('setAppId', '1234567890');
  _castle('identify', '1234', {
    created_at: '2012-12-02T00:30:08.276Z',
    email: 'johan@castle.io',
    name: 'Johan B'
  });
</script>

REST API

Track security events or any unstructured data from your web backend or mobile app, and Castle will look for anomalies.

# Ruby example
castle.track(
  name: '$login.succeeded',
  user_id: '1234')

castle.track(
  name: '$login.failed',
  properties: {
    '$login' => 'admin@yoursite.com'
  })
News@2x