Security
Encryption in Transit
All data transmitted between your browser and Dealyze is encrypted using TLS 1.3. Your uploaded documents are never sent over unencrypted connections.
TLS 1.3Encryption at Rest
Documents and analysis data stored on our servers are encrypted at rest using AES-256. Even if infrastructure were compromised, your data remains unreadable.
AES-25624-Hour Auto-Deletion
Uploaded documents are automatically and permanently deleted within 24 hours of processing. We do not retain your financial documents. Analysis summaries are kept separately and only accessible to you.
Auto-purgeAccess Controls
Access to production systems is strictly limited to authorized personnel. All admin accounts require two-factor authentication (2FA). Role-based access controls ensure the principle of least privilege.
RBAC + 2FAInfrastructure
Dealyze is hosted on Railway, which operates on SOC 2-compliant infrastructure. We use isolated environments for development and production to prevent data leakage between environments.
SOC 2 infrastructureIncident Response
In the event of a security breach affecting your data, we will notify affected users within 72 hours of discovery. We maintain an incident response plan and will provide details on what happened and what we're doing about it.
72-hr notificationVulnerability Disclosure
If you discover a security vulnerability in Dealyze, please report it to us responsibly. We take all reports seriously and aim to respond within 48 hours.
Contact: [email protected] โ please include "Security" in the subject line.
We ask that you do not publicly disclose vulnerabilities until we've had a reasonable opportunity to investigate and address them. We appreciate researchers who help keep Dealyze secure.
Questions? [email protected] ยท Privacy Policy