Trust & Security
We take the security, privacy, and availability of your data seriously.
This page outlines how we protect customer information, how data is handled,
and what you can expect from us as a SaaS provider.
Our platform is designed with security best practices built in from the start.
We follow a defense-in-depth approach, limiting access to systems and data while
continuously monitoring for issues.
Data Protection & Privacy
Data Collection & Usage
- We collect only the data necessary to provide and operate the service.
- No Personally Identifiable Information (PII) is ever collected or stored by our service.
- Customer data is used solely to deliver application functionality and support.
- Customers retain ownership of their data at all times.
Data Storage
- All customer data is stored securely on our servers.
- Customer data is not shared, sold, or provided to third parties except where required to operate the service.
- Customer data is logically isolated to prevent unauthorized access between tenants.
Encryption & Transmission Security
- All data transmitted between the controllers and our platform is encrypted using TLS 1.2 or higher.
- Data is stored securely with access controls to restrict unauthorized access.
Payments
Payments are handled separately through Stripe, a PCI-DSS compliant payment processor.
- We do not store or process credit card information on our servers.
- Payment information is transmitted directly to Stripe and handled according to their security standards.
Access Control & Authentication
- Access to production systems is restricted to authorized personnel only.
- Role-based access controls are used where applicable.
- Administrative access is logged and monitored.
Infrastructure & Hosting
- The platform is hosted on secure, professionally managed infrastructure.
- Network-level protections such as firewalls and access restrictions are in place.
- Systems are monitored for availability and performance.
- We monitor system health and availability to quickly detect and respond to issues.
- Maintenance and updates are performed in a way that minimizes disruption whenever possible.
Incident Response
- Security incidents are investigated and contained promptly.
- Affected customers are notified when appropriate.
- Incidents are reviewed to improve controls and prevent recurrence.
Vulnerability Management
- Regular security updates and patches are applied.
- Dependencies are monitored for known vulnerabilities.
- Security issues can be reported responsibly.
Compliance Status
We are not currently certified under formal security standards such as SOC 2 or ISO 27001.
Our practices are informed by widely accepted industry best practices, and we continually
evaluate compliance requirements as the platform grows.
Data Retention & Deletion
- Customer data is retained only as long as necessary to provide the service.
- Customers may request data deletion upon account termination.
- Backups are retained for a limited period and securely removed.
Shared Responsibility
We secure the platform and infrastructure. Customers are responsible for managing
user access, credentials, and configurations within their accounts.
Contact & Security Reporting
For security questions or to report a vulnerability, contact us at:
security@yourdomain.com
Last updated: Month Day, Year