🔒 Data Protection
Information We Collect
- Account information (name, email address)
- Property search queries and analysis requests
- Payment information (processed securely by Stripe)
- Usage analytics and performance metrics
How We Protect Your Data
- Encryption in transit: all data between your browser and our services is sent over TLS 1.3
- Secure Storage: Data encrypted at rest using industry-standard methods
- Access Controls: Strict role-based access to customer data
- Regular Audits: Quarterly security assessments and penetration testing
🛡️ Security Measures
Infrastructure Security
- Hosted on secure cloud infrastructure (Vercel, GitHub Pages)
- Automated security monitoring and threat detection
- Regular security updates and patch management
- DDoS protection and rate limiting
Application Security
- Secure authentication using JSON Web Tokens (JWT)
- Input validation and sanitization
- Content Security Policy (CSP) headers
- Cross-Site Request Forgery (CSRF) protection
💳 Payment Security
We use Stripe for all payment processing, which provides:
- PCI DSS Level 1 compliance
- End-to-end encryption of payment data
- Fraud detection and prevention
- Secure tokenization of payment methods
We never store your payment information on our servers.
🚨 Incident Response
Security Incident Procedure
- Detection: Automated monitoring alerts our security team
- Assessment: Immediate evaluation of impact and scope
- Containment: Isolate affected systems to prevent spread
- Notification: Inform affected users within 72 hours
- Resolution: Implement fixes and restore normal operations
- Review: Post-incident analysis and security improvements
📧 Responsible Disclosure
We welcome security researchers to help us maintain a secure platform.
What to Include
- Detailed description of the vulnerability
- Steps to reproduce the issue
- Potential impact assessment
- Your contact information
What We Promise
- Acknowledge receipt within 24 hours
- Provide regular updates on our investigation
- Credit you in our security acknowledgments (if desired)
- Not pursue legal action for good-faith security research
🔐 User Security Best Practices
Protect Your Account
- Use a strong, unique password
- Enable two-factor authentication when available
- Log out from shared or public computers
- Monitor your account for suspicious activity
- Keep your browser and devices updated
Recognize Phishing Attempts
- We will never ask for your password via email
- Always verify that the address bar shows https://dwellchecker.app as the site itself: the host must be exactly dwellchecker.app, not a longer lookalike domain that merely begins with it
- Be suspicious of urgent requests for personal information
- Contact us directly if you receive suspicious communications
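Why the host must match exactly rather than just "start with" the right text: the following is an added example (not DwellChecker's own code) that compares a naive prefix check against a proper origin check over a few constructed lookalike URLs. The trusted host `dwellchecker.app` is taken from the advice above; the attacker domain in the samples is invented for illustration.

```javascript
// Added example, not part of DwellChecker's site or code.
// Shows why "does the URL start with https://dwellchecker.app" is a weak test,
// and what an exact-host check looks like instead.

const TRUSTED_HOST = "dwellchecker.app"; // assumed canonical host from the page's advice

// Naive check: a plain string-prefix test on the URL text.
// Passes for any host that merely begins with the trusted name.
function naiveCheck(url) {
  return url.startsWith("https://dwellchecker.app");
}

// Stronger check: parse the URL, require https, and compare the host exactly.
// Rejects lookalike domains, userinfo tricks (user@host) and plain-http downgrades.
// If the site used subdomains, the comparison would also need to accept
// hosts ending in "." + TRUSTED_HOST; the page only names the bare host.
function isTrustedUrl(url) {
  let parsed;
  try {
    parsed = new URL(url);          // throws on malformed / relative input
  } catch {
    return false;
  }
  if (parsed.protocol !== "https:") return false;
  // URL() lowercases hostnames, so a mixed-case host still compares correctly.
  return parsed.hostname === TRUSTED_HOST;
}

// Run both checks over one URL and report the verdicts side by side.
function classify(url) {
  return { url, naive: naiveCheck(url), trusted: isTrustedUrl(url) };
}

// Constructed sample URLs: one genuine, the rest phishing-style lookalikes
// or harmless variants that the naive prefix check mis-judges.
const SAMPLE_URLS = [
  "https://dwellchecker.app/login",                             // genuine
  "https://dwellchecker.app.example-attacker.net/login",        // lookalike subdomain
  "https://dwellchecker.app@example-attacker.net/login",        // userinfo trick
  "http://dwellchecker.app/login",                              // no TLS
  "https://DWELLCHECKER.APP/login",                             // genuine, odd casing
];

function runSamples() {
  return SAMPLE_URLS.map(classify);
}

// Print a small table when run directly with `node`.
for (const r of runSamples()) {
  console.log(`${r.naive ? "naive:PASS" : "naive:FAIL"}  ${r.trusted ? "host:PASS" : "host:FAIL"}  ${r.url}`);
}
```

The two lookalikes both pass the prefix test because the string really does begin with `https://dwellchecker.app`; only parsing the URL and comparing the host reveals that the browser would actually connect to `example-attacker.net`.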
📋 Compliance
DwellChecker complies with:
- GDPR: European Union data protection regulations
- CCPA: California Consumer Privacy Act
- SOC 2: Security and availability standards
- OWASP: we follow OWASP web application security guidance (a body of best practices rather than a certification)