Security Policy
Last updated: January 27, 2026
Security is our highest priority. We are committed to protecting the data and privacy of our customers. This policy outlines the technical and organizational measures we take to secure our infrastructure and your data.
1. Data Encryption
We utilize industry-standard encryption protocols to protect data both in transit and at rest.
- In Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2/1.3 (Transport Layer Security). We force HTTPS for all connections.
- At Rest: Sensitive data stored in our databases is encrypted using AES-256.
2. Access Control & Authentication
We implement strict access controls to ensure that only authorized personnel and users can access specific data.
- User Passwords: We do not store plain-text passwords. All passwords are hashed using strong algorithms (e.g., bcrypt or Argon2) with unique salts.
- Internal Access: Access to our production servers and customer data is restricted to a subset of the engineering team and is secured behind VPNs and Multi-Factor Authentication (MFA).
3. Vulnerability Management
We proactively monitor our systems for potential threats and vulnerabilities.
- We perform regular automated scans of our infrastructure.
- We patch our servers and software dependencies regularly to address known security vulnerabilities (CVEs).
4. Payment Security (PCI DSS)
We do not store your credit card information on our servers.
- All payment processing is handled by a PCI-DSS Level 1 compliant third-party payment processor (e.g., Stripe, PayPal).
- Your payment credentials are tokenized directly with the payment provider; we only retain a reference token to manage your subscription.
5. Incident Response
In the event of a security breach or data leak, we have an Incident Response Plan in place.
- We will notify affected users within 72 hours of becoming aware of a breach that affects their personal data.
- We will take immediate steps to mitigate the breach and prevent further data loss.
6. Reporting Security Issues
If you believe you have found a security vulnerability in our service, please report it to us immediately.
Please email us at security@definitiveanalysis.com. We appreciate the contributions of the security research community and ask that you do not disclose the issue publicly until we have had a reasonable amount of time to address it.