Last updated: June 1, 2026

Security

Security is foundational to a platform that handles identity resolution and intent data. This overview describes the controls protecting your data.

1. Encryption

  • Data in transit is protected with TLS 1.2+ across all connections.
  • Data at rest is encrypted using AES-256.
  • Personal identifiers used for matching are hashed with one-way SHA-256 before storage.

2. Hosting & Infrastructure

The platform runs on hardened cloud infrastructure operated by leading providers with SOC 2 and ISO 27001 certified data centers. Environments are network-isolated, and production access is restricted to authorized personnel through least-privilege controls.

3. Access Controls

  • Role-based access control (RBAC) with least-privilege defaults.
  • Mandatory multi-factor authentication (MFA) for all internal systems.
  • Audit logging of access to sensitive datasets.

4. Monitoring & Incident Response

We maintain continuous monitoring, automated alerting, and a documented incident response plan. In the event of a security incident affecting customer data, we notify impacted customers without undue delay in accordance with our Data Processing Agreement.

5. Application Security

  • Secure software development lifecycle with peer code review.
  • Regular third-party penetration testing and vulnerability scanning.
  • Dependency monitoring and timely patching of known vulnerabilities.

6. Reporting a Vulnerability

We welcome responsible disclosure. If you believe you have found a security issue, contact security@buyerpass.com and we will respond promptly.

This document is provided as a starting template and does not constitute legal advice. Have it reviewed by qualified counsel before relying on it in production.