// Legal · Security

SECURITY IS NOT A FEATURE. IT'S THE FLOOR.

pricepul handles competitive intelligence that could reshape your company's strategy. We take that responsibility seriously.

// 90-Day Uptime

SYSTEM STATUS

ALL SYSTEMS OPERATIONAL
Service
90-Day Uptime
SLA
API + GraphQL endpoint
99.97%
99.9%
Scraping workers
99.91%
99.5%
Alert delivery (Slack)
99.98%
99.5%
Alert delivery (Email)
99.99%
99.5%
Dashboard (Web)
99.99%
99.9%
// Security Practices

HOW WE PROTECT YOUR DATA.

🔒

Encryption

  • TLS 1.3 for all data in transit
  • AES-256 encryption at rest for all databases
  • Snapshot content encrypted with per-workspace keys
  • End-to-end encryption for API key storage (hashed with bcrypt)
🔑

Access Control

  • Role-based access: Owner, Admin, Member, Viewer
  • Multi-factor authentication required for all staff
  • Hardware security keys required for production access
  • Principle of least privilege for all infrastructure roles

Infrastructure

  • Hosted on AWS in us-east-1 and eu-west-1
  • No single point of failure — multi-AZ across all services
  • WAF + DDoS protection via AWS Shield
  • Automated vulnerability scanning on every deploy

Application

  • OWASP Top 10 addressed in code review checklist
  • Dependency scanning via Dependabot + Snyk
  • Automated SAST on every pull request
  • Quarterly third-party penetration testing

Data isolation

  • Strict workspace isolation — no cross-tenant data access
  • Row-level security enforced in PostgreSQL
  • Scrape jobs run in isolated containers per workspace
  • AI enrichment data scoped and purged after processing

Monitoring & response

  • 24/7 infrastructure monitoring and alerting
  • Security incident response SLA: 1h for critical, 8h for high
  • Immutable audit logs retained for 90 days
  • Automated anomaly detection on authentication events
// Compliance

CERTIFICATIONS.

SOC 2 Type II
CERTIFIED
Audited annually. Report available under NDA for Enterprise.
GDPR
COMPLIANT
DPA available. SCCs for EEA transfers. DPO: dpo@pricepul.io
CCPA
COMPLIANT
California residents can exercise rights at privacy@pricepul.io
ISO 27001
IN PROGRESS
Certification audit scheduled for Q3 2026.
PCI DSS
N/A
Payments processed exclusively by Stripe. We never handle card data.
// Responsible Disclosure

FOUND A BUG?

We take security reports seriously and commit to acknowledging every report within 24 hours. We will not take legal action against researchers who follow responsible disclosure principles.

Email
security@pricepul.io
PGP Key
Fingerprint: B4A2 C913...
Bug Bounty
HackerOne — invite only (email to apply)
Scope
Authentication and authorization bypass
SQL injection or data leakage
SSRF or RCE in scraping infrastructure
Cross-tenant data access
Sensitive data exposed in API responses
Out of scope: rate limiting, UI/UX issues, spam, social engineering, physical attacks.