🔒

Security at DIFFSCOUT

Your data security is our priority. Here's how we protect your information.

🔐

Authentication & Access

  • OAuth 2.0 authentication via Clerk (Google, GitHub, Microsoft)
  • No passwords stored - delegated authentication only
  • Per-request user validation on all API endpoints
  • Session tokens with automatic expiration

🛡️

Data Protection

  • All data encrypted in transit (TLS 1.3)
  • PostgreSQL database with SSL connections required
  • User data isolated by account (multi-tenant architecture)
  • Screenshots stored securely with ownership verification

🔒

API Security

  • Rate limiting on all endpoints (per-user and per-IP)
  • Request validation and sanitization
  • SQL injection prevention via parameterized queries
  • CORS headers properly configured

📊

Monitoring & Compliance

  • Audit logging for all API actions
  • Request IDs for full traceability
  • Error tracking without exposing sensitive data
  • Regular security reviews and updates

🌐

Infrastructure

  • Built on SOC 2 compliant infrastructure
  • Hosted on Railway (SOC 2 Type II certified)
  • Database on Neon PostgreSQL (SOC 2 Type II certified)
  • Authentication via Clerk (SOC 2 Type II certified)
  • Payment processing via Stripe (PCI DSS Level 1)
  • No customer payment data stored on our servers

🚫

What We Don't Do

  • We don't sell or share your data with third parties
  • We don't access pages behind your login credentials
  • We don't store passwords (OAuth only)
  • We don't track you outside of our service

Security Questions?

If you have security concerns or want to report a vulnerability, please contact us.

security@diffscout.com