Skip to content
LienDeadline

Legal and compliance

Security and Data Protection

Controls and safeguards for API access, account security, and data protection across the platform.

API Security

HTTPS Encryption

All API requests and responses are encrypted using TLS 1.2+ (HTTPS). This ensures that data transmitted between your application and our servers cannot be intercepted or modified.

API Key Authentication

Every API request requires a valid API key in the Authorization header:

Authorization: Bearer YOUR_API_KEY

API keys are cryptographically secure, unique per customer, and can be regenerated or revoked at any time through your dashboard.

Rate Limiting

API requests are rate-limited to prevent abuse and ensure fair usage. Limits are generous for paid plans and can be adjusted for enterprise customers.

No PII Storage

We don't store personally identifiable information (PII) in calculation requests. Only invoice dates, states, and calculation results are stored—no names, addresses, or project details.

Request Logging

API requests are logged for security monitoring and debugging. Logs include timestamps, API keys (masked), endpoints accessed, and response codes. Logs are retained for 90 days.

Data Protection

Encrypted Database

All data is stored in a PostgreSQL database hosted on Railway with encryption at rest. Database access is restricted to authorized personnel only.

Password Security

User passwords are hashed using bcrypt before storage. We never store passwords in plain text and cannot retrieve your password if forgotten (password reset required).

Regular Backups

Automated daily backups with 30-day retention. Backups are encrypted and stored separately from production data. We can restore data to any point within the retention period.

Infrastructure Security

Our infrastructure is hosted on Railway, which provides:

  • DDoS protection and mitigation
  • Automatic security updates
  • Network isolation and firewalls
  • 24/7 monitoring and incident response

Payment Security

Stripe PCI Compliance

All payments are processed through Stripe, which is PCI DSS Level 1 compliant (the highest level of payment security). We never see, store, or process your credit card information directly.

No Credit Card Storage

We do not store credit card numbers, CVV codes, or billing addresses. All payment data is handled securely by Stripe's infrastructure.

Compliance & Certifications

SOC 2 Compliance

We are working toward SOC 2 Type II certification. Our security practices align with SOC 2 requirements for security, availability, and confidentiality.

GDPR & CCPA Compliance

We comply with GDPR (EU) and CCPA (California) privacy regulations. Users can request access, deletion, or export of their data. See our Privacy Policy for details.