Security

Security is foundational to PriceTik. Here's how we protect your data.

Encryption

TLS 1.3 for all data in transit. AES-256 encryption at rest for databases and backups.

Authentication

Bcrypt password hashing (cost factor 12). Short-lived JWT access tokens (15 min) with rotating refresh tokens.

Rate limiting

Redis-backed rate limits on all endpoints. Bot detection suspends abusive accounts automatically.

Payment security

All payments processed by Stripe. We never store card numbers, CVVs, or bank details on our servers.

Infrastructure

Hosted on AWS with Multi-AZ redundancy, encrypted Redis clusters, and private VPC networking.

Protocol integrity

Ed25519 digital signatures on all feed snapshots. HMAC-SHA256 webhook signing for retailer integrations.

Report a vulnerability

If you discover a security issue, please report it responsibly to security@pricetik.com. We take all reports seriously and will respond within 48 hours.