Last updated: June 1, 2026
Security
Security is foundational to a platform that handles identity resolution and intent data. This overview describes the controls protecting your data.
1. Encryption
- Data in transit is protected with TLS 1.2+ across all connections.
- Data at rest is encrypted using AES-256.
- Personal identifiers used for matching are hashed with one-way SHA-256 before storage.
2. Hosting & Infrastructure
The platform runs on hardened cloud infrastructure operated by leading providers with SOC 2 and ISO 27001 certified data centers. Environments are network-isolated, and production access is restricted to authorized personnel through least-privilege controls.
3. Access Controls
- Role-based access control (RBAC) with least-privilege defaults.
- Mandatory multi-factor authentication (MFA) for all internal systems.
- Audit logging of access to sensitive datasets.
4. Monitoring & Incident Response
We maintain continuous monitoring, automated alerting, and a documented incident response plan. In the event of a security incident affecting customer data, we notify impacted customers without undue delay in accordance with our Data Processing Agreement.
5. Application Security
- Secure software development lifecycle with peer code review.
- Regular third-party penetration testing and vulnerability scanning.
- Dependency monitoring and timely patching of known vulnerabilities.
6. Reporting a Vulnerability
We welcome responsible disclosure. If you believe you have found a security issue, contact security@buyerpass.com and we will respond promptly.
This document is provided as a starting template and does not constitute legal advice. Have it reviewed by qualified counsel before relying on it in production.