§ 01 / TRUST CENTER

Security is not a feature. It's our foundation.

Built on standard encryption, transparent data handling, and a strict retention policy. We treat your data the way we'd want ours treated.

TRUST SCORE

Privacy-first

A+

Encrypted in transit

Encrypted at rest

GDPR aligned

CCPA aligned

Privacy-first design

Last reviewedDAILY

GDPR

CCPA

ENCRYPTED

PRIVATE

§ 02 / COMMITMENTS

Privacy by default.

We follow privacy laws, encrypt your data, and never sell or share it. Period.

GDPR Aligned

Built to comply with EU data protection law.

CCPA Aligned

California Consumer Privacy Act compliant.

PCI via Stripe

Payment data handled by Stripe (PCI DSS Level 1).

§ 03 / LIFECYCLE

Your data's journey, end to end.

Upload

Encrypted in transit

Verify

Processed securely

Delivered

Signed download link

Retained

Short retention window

Purged

Permanent deletion

§ 04 / ENCRYPTION

Encrypted everywhere, always.

From the moment data touches our API to the moment it's purged from our systems, it's encrypted with keys that rotate automatically.

Encrypted in transit (HTTPS)

Encrypted at rest

Hashed credentials

Strict CORS & CSP headers

Regular dependency audits

Secure session management

§ 05 / INFRASTRUCTURE

Built for reliability.

Cloud-native

Hosted on managed cloud

Auto-scale

Handles traffic spikes

DDoS

Protected at the edge

Monitored

Continuous health checks

Account protection

Password

Hashed, never stored in plain text

Sessions

Secure tokens, auto-expire

API keys

Bearer auth, rotate anytime

Email verify

Required on signup

§ 06 / ACCOUNT SECURITY

Your account, locked down.

Standard security features come with every plan. Passwords are hashed, sessions are secured, and API keys can be rotated anytime from your dashboard.

Hashed password storage
Secure session management
API key authentication with rotation
Email verification on signup
Strict CORS and CSP headers

§ 07 / INCIDENT RESPONSE

If something goes wrong, we tell you.

Detect

Automated monitoring and manual checks

Contain

Isolate affected systems quickly

Notify

Communicate promptly with affected users

Post-mortem

Transparent review and lessons learned

§ 08 / DOCUMENTS

Public documents.

Privacy Policy

How we collect, use, and protect your data.

Terms of Service

The legal agreement between you and BounceCheck.

Data Processing Agreement

DPA available for EU customers on request.

Subprocessor List

All third-party services we use, available on request.

§ 09 / RESPONSIBLE DISCLOSURE

Found a vulnerability?

We take security reports seriously. If you've discovered a potential vulnerability, please contact our security team directly so we can investigate.

Email [email protected]

§ 01 / TRUST CENTER

Security is not a feature. It's our foundation.

Built on standard encryption, transparent data handling, and a strict retention policy. We treat your data the way we'd want ours treated.

TRUST SCORE

Privacy-first

A+

Encrypted in transit

Encrypted at rest

GDPR aligned

CCPA aligned

Privacy-first design

Last reviewedDAILY

GDPR

CCPA

ENCRYPTED

PRIVATE

§ 02 / COMMITMENTS

Privacy by default.

We follow privacy laws, encrypt your data, and never sell or share it. Period.

GDPR Aligned

Built to comply with EU data protection law.

CCPA Aligned

California Consumer Privacy Act compliant.

PCI via Stripe

Payment data handled by Stripe (PCI DSS Level 1).

§ 03 / LIFECYCLE

Your data's journey, end to end.

Upload

Encrypted in transit

Verify

Processed securely

Delivered

Signed download link

Retained

Short retention window

Purged

Permanent deletion

§ 04 / ENCRYPTION

Encrypted everywhere, always.

From the moment data touches our API to the moment it's purged from our systems, it's encrypted with keys that rotate automatically.

Encrypted in transit (HTTPS)

Encrypted at rest

Hashed credentials

Strict CORS & CSP headers

Regular dependency audits

Secure session management

§ 05 / INFRASTRUCTURE

Built for reliability.

Cloud-native

Hosted on managed cloud

Auto-scale

Handles traffic spikes

DDoS

Protected at the edge

Monitored

Continuous health checks

Account protection

Password

Hashed, never stored in plain text

Sessions

Secure tokens, auto-expire

API keys

Bearer auth, rotate anytime

Email verify

Required on signup

§ 06 / ACCOUNT SECURITY

Your account, locked down.

Standard security features come with every plan. Passwords are hashed, sessions are secured, and API keys can be rotated anytime from your dashboard.

Hashed password storage
Secure session management
API key authentication with rotation
Email verification on signup
Strict CORS and CSP headers

§ 07 / INCIDENT RESPONSE

If something goes wrong, we tell you.

Detect

Automated monitoring and manual checks

Contain

Isolate affected systems quickly

Notify

Communicate promptly with affected users

Post-mortem

Transparent review and lessons learned

§ 08 / DOCUMENTS

Found a vulnerability?

We take security reports seriously. If you've discovered a potential vulnerability, please contact our security team directly so we can investigate.

Email [email protected]