Security & Trust

Built to keep your
data safe

Here's exactly how Traxent protects your account and data — and where our security programme is headed.

Hosted on AWS Payments via Stripe · PCI-DSS L1 TLS 1.2+ · HSTS Encrypted at rest MFA available UK GDPR aligned Vulnerability disclosure
How we protect your data

Encryption everywhere

All traffic is served over HTTPS (TLS 1.2+) with HSTS enforced. Data at rest is encrypted — our database uses AWS-managed encryption with point-in-time recovery.

Authentication

Login is handled by Auth0. We never store your password. Multi-factor authentication is available, and access tokens are short-lived.

We don't touch your card

Payments run entirely through Stripe (PCI-DSS Level 1). Card details never reach our servers — we only ever see a token.

Least-privilege infrastructure

Deployments use short-lived, scoped credentials (OIDC) — no long-lived keys. A web application firewall and rate limiting sit in front of our APIs.

Monitoring & alerting

Error spikes, abuse and unusual activity trigger automated alerts so we can respond quickly. Infrastructure is defined as code and reviewed before it ships.

You're in control

You can edit your details, change your plan, and permanently delete your account and data at any time from your account page.

Compliance & certifications

We're transparent about what's certified today versus what we're working toward. We don't claim certifications we haven't earned.

Infrastructure (inherited). Traxent runs on Amazon Web Services and Stripe, which maintain independently audited SOC 2 Type II, ISO/IEC 27001 and PCI-DSS certifications for the infrastructure and payment rails we build on.

Data protection. We align our handling of personal data with the UK GDPR and the Data Protection Act 2018 — data minimisation, encryption, deletion on request, and clear disclosure in our Privacy Policy.

Our own certifications — on the roadmap:

SOC 2 Type II — planned ISO/IEC 27001 — planned

These are company-level certifications that require independent audit. We're building the controls and documentation toward them; this page will be updated when each is achieved — not before.

Responsible disclosure

Found a security issue? We want to hear from you, and we'll work with researchers acting in good faith.

  • Email [email protected] with details and steps to reproduce. Our machine-readable policy lives at /.well-known/security.txt.
  • Give us reasonable time to investigate and fix before any public disclosure.
  • Don't access, modify or delete data that isn't yours, and don't degrade the service (no DoS, spam or social engineering).
  • Acting in good faith under this policy, we won't pursue legal action against you for your research.
Your data & your rights

Under UK GDPR you can access, correct, export or delete your data. Manage most of it yourself in your account, or email [email protected]. Full detail is in our Privacy & Cookies policy.