Security
Protecting your data is our highest priority. Learn about our security practices and infrastructure.
How We Protect Your Data
Enterprise-grade security measures to keep your information safe.
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 to prevent unauthorized access.
Authentication
Multi-factor authentication (MFA), strong password policies, and session management protect account access.
Access Controls
Role-based access controls ensure users can only access information they are authorized to view.
Monitoring
Continuous monitoring and logging of all system activity to detect and respond to security threats.
Infrastructure
Hosted on secure, SOC 2 compliant infrastructure with redundancy, backups, and disaster recovery.
Vulnerability Management
Regular security assessments, penetration testing, and automated vulnerability scanning.
Application Security
Our application is built with security as a foundational principle:
- CSRF token protection on all forms and state-changing operations
- Content Security Policy (CSP) headers to prevent XSS attacks
- Input validation and sanitization on all user inputs
- Parameterized queries to prevent SQL injection
- Rate limiting to prevent brute-force attacks
- Secure session management with HttpOnly, Secure, and SameSite cookie flags
Data Handling
We follow strict data handling practices:
- Sensitive data (SSN, financial information) is encrypted at the field level
- Data access is logged and auditable
- Data retention policies comply with FCRA and applicable regulations
- Secure data disposal procedures for expired records
Incident Response
We maintain a comprehensive incident response plan. In the event of a security incident, we will promptly investigate, contain, and remediate the issue, and notify affected parties in accordance with applicable breach notification laws.
Report a Vulnerability
If you discover a security vulnerability, please report it responsibly through our Contact Support page. We take all reports seriously and will work to address confirmed vulnerabilities promptly.