Security

Last Updated: November 9, 2025

Our Commitment to Security

At PricingForge, security is our top priority. We understand that you're trusting us with your sensitive business data, and we take that responsibility seriously. This page outlines the comprehensive security measures we've implemented to protect your information.

Infrastructure Security

Cloud Infrastructure

PricingForge is built on industry-leading cloud platforms:

Google Firebase

  • ✓ SOC 2 Type II certified
  • ✓ ISO 27001 compliant
  • ✓ 99.95% uptime SLA
  • ✓ Automatic data replication across multiple regions

Vercel Hosting

  • ✓ Global CDN with edge caching
  • ✓ DDoS protection
  • ✓ Automatic SSL/TLS certificates
  • ✓ Zero-downtime deployments

Data Encryption

Encryption in Transit

  • TLS 1.3: All data transmitted between your browser and our servers is encrypted using the latest TLS protocol
  • HTTPS Everywhere: All pages are served over HTTPS with HSTS enabled
  • Certificate Pinning: Protection against man-in-the-middle attacks
  • Secure WebSockets: Real-time data syncing uses encrypted connections

Encryption at Rest

  • AES-256 Encryption: All data stored in our database is encrypted at rest with AES-256
  • Field-Level Encryption: Sensitive fields (costs, prices, margins) are additionally encrypted
  • Encrypted Backups: All automated backups are encrypted before storage
  • Key Management: Encryption keys are managed securely and rotated regularly

Authentication & Access Control

User Authentication

  • Firebase Authentication: Industry-standard authentication system
  • Email Verification: Required before full account access
  • Secure Password Storage: Passwords are hashed using bcrypt with salt
  • Session Management: Secure, short-lived session tokens
  • Automatic Logout: Sessions expire after inactivity

Access Control

  • Role-Based Access: Owner and member roles with different permissions
  • Data Isolation: Users can only access their own data
  • Firestore Security Rules: Server-side validation of all data access
  • Team Permissions: Granular control over team member access

Payment Security

PCI DSS Compliance

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store credit card information on our servers.

  • ✓ PCI DSS Level 1 Service Provider
  • ✓ 3D Secure authentication support
  • ✓ Fraud detection and prevention
  • ✓ Secure tokenization of payment methods
  • ✓ Real-time payment monitoring

Application Security

Security Best Practices

  • Input Validation: All user inputs are validated and sanitized
  • XSS Protection: Content Security Policy and output encoding
  • CSRF Protection: Tokens on all state-changing requests
  • SQL Injection Prevention: Parameterized queries and ORM usage
  • Rate Limiting: Protection against brute force and DDoS attacks
  • Security Headers: HSTS, X-Frame-Options, X-Content-Type-Options

Code Security

  • Regular security audits and code reviews
  • Automated dependency scanning for vulnerabilities
  • Penetration testing by third-party security experts
  • Secure development lifecycle practices
  • Bug bounty program for responsible disclosure

Data Privacy & Compliance

  • GDPR Compliance: Full compliance with EU data protection regulations
  • CCPA Compliance: California Consumer Privacy Act adherence
  • Data Residency: Options for data storage location
  • Data Portability: Export your data anytime in standard formats
  • Right to Deletion: Complete data removal upon request
  • Privacy by Design: Privacy considerations in all features

Backup & Disaster Recovery

Automated Backups

  • Daily Backups: Automatic daily backups of all data
  • Point-in-Time Recovery: Restore data to any point in the last 30 days
  • Geo-Redundancy: Backups stored in multiple geographic locations
  • Encryption: All backups are encrypted at rest
  • Regular Testing: Backup restoration procedures tested monthly

User Backups

In addition to our automated backups, you can create your own backups anytime through the Dashboard → Backups page. We recommend creating backups before major changes.

Security Monitoring

24/7 Monitoring

  • Real-Time Alerts: Immediate notification of suspicious activity
  • Intrusion Detection: Advanced systems to detect unauthorized access
  • Log Analysis: Comprehensive logging and analysis of all system events
  • Performance Monitoring: Track system health and performance
  • Audit Logs: Complete audit trail of all user actions

Incident Response

In the unlikely event of a security incident, we have a comprehensive response plan:

  • Detection: 24/7 monitoring systems immediately identify incidents
  • Containment: Rapid isolation of affected systems to prevent spread
  • Investigation: Forensic analysis to determine scope and impact
  • Notification: Timely communication to affected users as required by law
  • Remediation: Fix vulnerabilities and implement additional safeguards
  • Review: Post-incident analysis to improve security measures

Security Best Practices for Users

While we implement robust security measures, you can help keep your account secure:

  • ✓ Use a strong, unique password (12+ characters with mixed case, numbers, symbols)
  • ✓ Never share your password with others
  • ✓ Log out when using shared or public computers
  • ✓ Keep your email account secure (it's used for password recovery)
  • ✓ Review your audit logs regularly for suspicious activity
  • ✓ Be cautious of phishing emails claiming to be from PricingForge
  • ✓ Create regular backups of critical data
  • ✓ Remove team members who no longer need access

Report a Security Issue

If you discover a security vulnerability, please report it responsibly:

Security Email: security@priceforge.com

Response Time: We aim to acknowledge security reports within 24 hours

Please do not publicly disclose the vulnerability until we have had a chance to address it. We appreciate responsible disclosure and will credit researchers who help improve our security.

Security Certifications & Compliance

Infrastructure

  • SOC 2 Type II (via Firebase)
  • ISO 27001 (via Firebase)
  • PCI DSS Level 1 (via Stripe)

Privacy

  • GDPR Compliant
  • CCPA Compliant
  • Privacy Shield Framework

Security Questions?

For questions about our security practices or to request additional information:

General Inquiries: support@priceforge.com

Security Issues: security@priceforge.com