Security
Your data security is our priority
We know you're trusting us with critical business data — customer records, financial transactions, employee information. We take that responsibility seriously and implement industry-leading security practices at every layer.
Encryption
- AES-256 encryption for all data at rest
- TLS 1.3 for all data in transit
- End-to-end encryption for sensitive fields (payment data, PII)
Infrastructure
- SOC 2 Type II compliant cloud infrastructure
- Multi-region redundancy with automatic failover
- Daily encrypted backups with point-in-time recovery
- DDoS protection and Web Application Firewall (WAF)
Payment Security
- PCI DSS Level 1 certified — the highest level of payment security
- Card data never touches our servers — processed by certified payment partners
- Tokenization for all stored payment methods
Access Control
- Multi-factor authentication (MFA) support
- Role-based access control with granular permissions
- Session management with automatic timeouts
- Audit logging for all user actions
Compliance
- GDPR compliant — data subject rights, DPAs, and data residency options
- CCPA compliant — opt-out rights and data transparency
- Regular third-party penetration testing
- Vulnerability disclosure program
Data Ownership
- You own your data — we process it solely to provide the service
- Export your data at any time in standard formats
- Data deleted within 30 days of account closure
- We never sell your data to third parties
Report a vulnerability
If you've found a security issue, please report it responsibly. We appreciate your help in keeping posgryd safe.