Your business data is your livelihood. We treat security as a core product feature, not an afterthought.
All data is encrypted in transit using TLS 1.3. Sensitive data at rest is encrypted using AES-256. Passwords are hashed with bcrypt at a cost factor of 12 (12 salt rounds).
Secure session-based authentication with HTTP-only cookies. CSRF protection on all state-changing operations. Optional password reset via secure tokenised links.
Hosted on Vercel with automatic DDoS protection and edge caching. Database on Neon PostgreSQL with automated daily backups and point-in-time recovery.
Multi-tenant architecture with strict organisation-level data isolation. Every database query is scoped to your organisation. Users cannot access other organisations' data.
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. We never store, process, or have access to your card numbers.
Role-based access within organisations. Session tokens expire after inactivity. All authentication events are logged for audit purposes.
Automated daily database backups with 7-day retention. Point-in-time recovery available. Infrastructure designed for high availability with automatic failover.
Dependencies are regularly audited and updated. We follow OWASP Top 10 guidelines. Security headers including HSTS, X-Frame-Options, and Content-Security-Policy are enforced.
If you discover a security vulnerability, please report it responsibly. We take all reports seriously and will respond within 48 hours.
Email: security@walkquote.com