Here's exactly how Traxent protects your account and data — and where our security programme is headed.
All traffic is served over HTTPS (TLS 1.2+) with HSTS enforced. Data at rest is encrypted — our database uses AWS-managed encryption with point-in-time recovery.
Login is handled by Auth0. We never store your password. Multi-factor authentication is available, and access tokens are short-lived.
Payments run entirely through Stripe (PCI-DSS Level 1). Card details never reach our servers — we only ever see a token.
Deployments use short-lived, scoped credentials (OIDC) — no long-lived keys. A web application firewall and rate limiting sit in front of our APIs.
Error spikes, abuse and unusual activity trigger automated alerts so we can respond quickly. Infrastructure is defined as code and reviewed before it ships.
You can edit your details, change your plan, and permanently delete your account and data at any time from your account page.
We're transparent about what's certified today versus what we're working toward. We don't claim certifications we haven't earned.
Infrastructure (inherited). Traxent runs on Amazon Web Services and Stripe, which maintain independently audited SOC 2 Type II, ISO/IEC 27001 and PCI-DSS certifications for the infrastructure and payment rails we build on.
Data protection. We align our handling of personal data with the UK GDPR and the Data Protection Act 2018 — data minimisation, encryption, deletion on request, and clear disclosure in our Privacy Policy.
Our own certifications — on the roadmap:
These are company-level certifications that require independent audit. We're building the controls and documentation toward them; this page will be updated when each is achieved — not before.
Found a security issue? We want to hear from you, and we'll work with researchers acting in good faith.
Under UK GDPR you can access, correct, export or delete your data. Manage most of it yourself in your account, or email [email protected]. Full detail is in our Privacy & Cookies policy.