Security Overview

Hosting and infrastructure

• Hosted on modern cloud providers with physical security, redundancy, and DDoS protections.
• Network segmentation and least-privilege access for services and data.

Data protection

• Encryption in transit (HTTPS/TLS) and at rest for databases and storage.
• Passwords stored using industry-standard hashing by our authentication provider.
• We do not store full card numbers or CVV.

Access controls

• Role-based access for internal tools and production systems.
• Multi-factor authentication enforced for sensitive systems where supported.
• Principle of least privilege for engineers and administrators.

Monitoring and logging

• Application and infrastructure logging with alerting for anomalies.
• Audit trails for key administrative actions.

Backups and continuity

• Regular database backups with tested restore procedures.
• Redundant infrastructure to reduce downtime risk.

Incident response

• Defined runbooks for incident triage, containment, and remediation.
• User notification for incidents as required by law or when appropriate.

Responsible disclosure

If you believe you have found a security issue, email us with details so we can investigate and remediate. Please avoid public disclosure until we have addressed the issue.

Email: support@PermitSmash.com