Our Security Practices

Security is our business. We practice what we preach.

Encryption Everywhere

All data is encrypted in transit using TLS 1.3 and at rest using AES-256.

Secure Infrastructure

Hosted on enterprise-grade cloud infrastructure with automatic security updates and monitoring.

Regular Audits

We conduct regular security audits and penetration testing to identify and fix vulnerabilities.

Incident Response

24/7 monitoring with a documented incident response plan to quickly address any security issues.

Data Protection

  • Minimal Data Collection: We only collect data necessary to provide our service
  • Access Controls: Role-based access control and multi-factor authentication
  • Data Isolation: Your data is logically isolated from other customers
  • Secure Deletion: Data is securely wiped when you delete your account

Compliance & Standards

We follow industry best practices and security standards:

  • OWASP Top 10 security guidelines
  • SOC 2 Type II compliance (in progress)
  • GDPR and CCPA data protection requirements
  • PCI DSS compliance via Stripe for payment processing

Transparency

We believe in being transparent about our security practices:

  • We will notify affected customers within 72 hours of discovering a security incident
  • Our security practices are regularly reviewed and updated
  • We maintain detailed logs for audit and forensic purposes

Responsible Disclosure

If you discover a security vulnerability, we encourage responsible disclosure. Please use the contact form below to report security issues and we will respond within 24 hours.

We appreciate the security research community and will acknowledge researchers who help us improve our security.

Questions?

Have questions about our security practices? We're happy to discuss them.