security.md
Last Updated: March 6, 2026
1. Data Protection
- Transmission Security: Industry-standard Transport Layer Security (TLS) encrypts all communication between your browser and our infrastructure.
- Storage Security: We encrypt account metadata and monitor configurations at rest using AES-256.
- Access Control: We restrict internal data access to authorized service identities and prohibit direct, unauthenticated client-side access to our backend data stores.
- Diagnostic Logging: We may retain limited, access-controlled diagnostic information from specific check executions to assist in troubleshooting.
2. Infrastructure Integrity
- Architecture: We build on managed cloud infrastructure and edge protection services to ensure service availability and integrity. For a detailed list of our infrastructure providers, please refer to our Subprocessors List.
- Maintenance: We deploy regular software updates and prioritize critical security patches to maintain system resilience.
3. Payments
- PCI Compliance: Our third-party payment processor handles all transaction data. We do not store or transmit raw credit card information on our servers. See our Subprocessors List for provider details.
4. Vulnerability Disclosure
Please report security issues to [email protected] with a detailed description. We ask for a reasonable time to remediate before any public disclosure. Do not attempt to access or modify data belonging to other users.
5. Contact
For technical inquiries regarding our infrastructure, contact us at [email protected].