Security
Encryption in Transit
All data transmitted between your browser and Dealyze is encrypted using TLS 1.3. Your uploaded documents are never sent over unencrypted connections.
TLS 1.3Encryption at Rest
Our hosting provider (Railway) encrypts data at rest at the infrastructure level. This means your stored data is protected even in the event of physical disk compromise.
Infrastructure encryptionImmediate PDF Deletion
Uploaded PDF files are permanently deleted within seconds of processing. Your documents are loaded into memory, analyzed, and immediately removed from disk. Extracted financial data (numbers only) is stored in your account for dashboard access.
Instant purgeAccess Controls
Access to production systems is limited to authorized personnel. We restrict production credentials to the minimum necessary and are working toward multi-factor authentication for all admin accounts.
Restricted accessInfrastructure
Dealyze is hosted on Railway, which operates on SOC 2-compliant infrastructure. We use isolated environments for development and production to prevent data leakage between environments.
SOC 2 infrastructureIncident Response
In the event of a security breach affecting your data, we will notify affected users within 72 hours of discovery. We maintain an incident response plan and will provide details on what happened and what we're doing about it.
72-hr notificationVulnerability Disclosure
If you discover a security vulnerability in Dealyze, please report it to us responsibly. We take all reports seriously and aim to respond within 48 hours.
Contact: [email protected] — please include "Security" in the subject line.
We ask that you do not publicly disclose vulnerabilities until we've had a reasonable opportunity to investigate and address them. We appreciate researchers who help keep Dealyze secure.
Questions? [email protected] · Privacy Policy