Security & Trust Centre

Encryption in Transit — TLS 1.2+

All communication between clients and our servers is encrypted using TLS 1.2 or higher. HTTP connections are automatically redirected to HTTPS. HSTS headers are set to prevent downgrade attacks.

Password Hashing — bcrypt

User passwords are never stored in plaintext. All passwords are hashed using bcrypt with a work factor calibrated to resist brute-force attacks.

Two-Factor Authentication (TOTP)

Time-based one-time password (TOTP) two-factor authentication is available and enforced for administrative accounts. Users may also enable 2FA on their own accounts.

Role-Based Access Control (RBAC)

Access to sensitive data and administrative functionality is restricted using role-based access control. Roles are enforced server-side on every request; client-side rendering of restricted content is not treated as a security boundary.

Session Management

Sessions are issued as signed, server-side cookies. Sessions are invalidated on logout and expire after a period of inactivity. Session tokens are rotated upon privilege escalation.

Security Headers

Our HTTP responses include a Content Security Policy (CSP), X-Frame-Options: DENY, X-Content-Type-Options: nosniff, and Referrer-Policy headers to mitigate common web vulnerabilities.

Stripe Webhook Signature Verification

All inbound Stripe webhook events are verified using Stripe's HMAC-SHA256 signature before any business logic is executed, preventing spoofed payment events.

reCAPTCHA on Public Forms

Google reCAPTCHA v3 is integrated on publicly accessible forms (newsletter subscription, contact forms) to mitigate automated abuse and spam submissions.

Penetration Testing

The platform underwent a penetration test in late 2024. Identified findings were remediated and verified. We conduct security reviews periodically and after significant architectural changes.

Cloud Infrastructure

The platform is hosted on Replit's managed cloud infrastructure, which runs on Google Cloud Platform. Infrastructure-level availability, hardware redundancy, and network resilience are managed by the hosting provider.

Database Backups

The PostgreSQL database is backed up daily using automated backup tooling. Backups are retained for a rolling 30-day period. Restoration procedures are tested periodically.

Uptime Monitoring

Application endpoints are monitored for availability. On-call alerting is configured to notify the engineering team of outages so that recovery actions can begin promptly.

Incident Response

We maintain an incident response process that covers detection, triage, remediation, and post-incident review. Critical incidents are communicated to affected customers in a timely manner.

Principle of Least Privilege

Team members are granted only the minimum level of access required to perform their role. Access rights are reviewed when roles change and revoked promptly upon offboarding.

Logical Data Separation

Multi-tenant data is logically separated at the application layer. API endpoints validate that requesting users may only access records belonging to their own account or organisation.

Environment Separation

Development and production environments are separated. Production credentials are not used in development or staging environments. Secrets are managed through environment variables, not hardcoded in source code.

Third-Party Sub-Processors

We work with a limited number of trusted sub-processors (including Stripe, Brevo, Google reCAPTCHA, and OpenAI via Replit AI Integrations). Each sub-processor is evaluated for their own security and privacy commitments before use.

File Storage Access Controls

Files uploaded to object storage are stored in access-controlled buckets. Public and private directories are enforced at the storage layer, and pre-signed URLs are used where appropriate.

Input Validation

All API endpoints validate incoming request payloads against strict Zod schemas before processing. Invalid or unexpected data is rejected with an explicit error response, not silently discarded.

Payment Processing via Stripe

All payment transactions are processed by Stripe, a PCI DSS Level 1 certified payment processor. Cardholder data never transits our servers. Webhook events are verified before fulfillment is triggered.

AI Output Review

AI-generated content (via SparkOS features) is presented to users as AI output and is not substituted for professional advice without appropriate disclosure. Outputs are subject to the guardrails and content policies of the underlying model provider.

Structured Error Handling

Application errors are caught and handled explicitly. Unhandled errors are logged for investigation. Error responses to clients do not expose internal system details such as stack traces or database structure.

Privacy Policy

Our Privacy Policy describes what personal information we collect, why we collect it, how it is used, and who it is shared with. It is publicly available and updated when our practices change.

Cookie Consent & Preferences

We use a cookie consent banner to obtain informed consent before setting non-essential cookies (analytics, marketing). Users can review and update their preferences at any time.

GDPR Alignment

We have identified lawful bases for our personal data processing activities. Data subject rights (access, rectification, erasure, portability, and objection) can be exercised by contacting us at team@chasemarshal.com.

Data Minimisation

We collect the minimum personal data needed to deliver our services. We do not sell personal data to third parties for advertising or data brokerage purposes.

New Zealand Privacy Act 2020

Our privacy practices are designed to comply with the New Zealand Privacy Act 2020 and align with relevant international standards including the GDPR.