Security at every layer
Your seller accounts and your pricing data are protected at every layer of the platform, from the database up to your browser.
Six layers between an attacker and your data
We treat security as a stack of independent checks. Each layer holds even when the one above it fails.
Organization boundaries inside the database
Every table that holds your data is scoped to your organization inside the database engine. Even if our application code had a bug, the database itself would refuse to leak it.
Channel credentials in an encrypted vault
Your seller tokens and API secrets live in a dedicated encrypted vault. They are never stored alongside your main records and are decrypted only when a background service needs them.
Sign in without a password
You sign in with a magic link or with Google. There is no password to leak or reuse. A quiet captcha blocks automated attempts before they reach the form.
Roles enforced from end to end
Four roles (owner, admin, manager, analyst) and 27 granular permissions. Every action is checked on the server, in the database, and in the UI before it runs.
Rate limits on every sensitive action
Sensitive actions like creating organizations and sending invitations each have their own per-user budget. Calls to seller channels stay below every platform's published quota.
Strong cryptography on the wire and at rest
Traffic between your browser and our servers runs over modern TLS. Records and uploads are encrypted on disk. Browsers are told to refuse any non-HTTPS attempt.
Sign in without the weakest link
No passwords involved. You sign in with a magic link or with Google and we watch every attempt that hits the form.
Magic link sign-in
Click the link in your email and you are in. Each link is single-use and verified on our server.
Google sign-in
If your team already uses Google Workspace, sign in with Google instead. The security rules are identical.
Captcha on the login form
An invisible challenge stops automated sign-in attempts before they reach the form. Real users rarely see it.
Locked session cookies
Your session lives in a cookie that JavaScript on the page cannot touch. It expires quickly when you walk away.
Login alerts
Every successful sign-in sends you an email with the approximate IP, browser, and timezone.
Safe redirects after login
The "where to go next" parameter only accepts paths inside the app. External URLs are rejected.
One database, many walls
Your records are tagged to your organization and filtered by the database itself. Credentials and admin actions follow the same rule.
Organization boundaries
Every record is tagged to an organization. The database filters every query to your org before any row is returned.
Isolated background services
Background services use a separate connection that never reaches the browser. Internal calls are signed and verified.
Immutable admin audit trail
Every internal admin action is written to an immutable audit table with who acted, what changed, and when.
Public content stays public
Help articles and changelogs live in a separate read-only area. They never share a table with your business data.
Per-account credentials
Each seller account has its own encrypted secret. It is decrypted only at the moment of use and never cached.
Locks on critical operations
Credential updates and plan changes use database-level locks so two processes never step on each other.
Hardened in transit, at rest, and in front
Modern TLS on every connection. Encryption at rest on every record. A managed CDN sitting in front of the app.
Encryption end to end
Modern TLS protects every connection. Records and uploads are encrypted on disk. Credentials get a second layer.
Hardened HTTP headers
Every response ships with strict transport security, framing rules, a permissions policy, and a CSP with nonces.
Edge protection in front
A managed CDN sits in front of our servers. It terminates TLS, absorbs traffic spikes, and filters automated abuse.
Payments handled by Stripe
Card details go directly to Stripe (PCI DSS Level 1) and never touch our servers. Webhooks are signature-verified.
Secrets never in code
Every secret is injected at runtime and never lives in the repository. We scan the codebase on every change.
Scrubbed error tracking
Crashes go to a dedicated error-tracking service with sensitive fields stripped before they leave the app.
Habits that keep the platform safe
What we do every day so the protections above keep working as the platform grows.
Security checks on every schema change
New tables don't ship until they have the right database policies, indexes, and access rules. The checklist runs after every migration.
Strict typing from end to end
Both the web app and the background services run under strict type checking. Type errors fail the build before they reach production.
Pinned and audited dependencies
Every dependency is pinned to an exact version. Updates pass through automated security scans before they merge into the codebase.
Automatic user-facing incidents
When a token expires or a billing event fails the platform creates a clear incident with a message and an action. It clears itself once the condition resolves.
Live worker health visibility
Every background service sends a heartbeat. Stale services are flagged automatically on the on-call view within minutes.
Only the data we actually need
Market snapshots, logs, and short-lived job records expire on their own after seven days. Deleting your account deletes your data for real.
A few numbers that make the picture concrete
46
Database tables with row-level policies enforced at the engine.
27
Granular permissions distributed across four access roles.
0
Passwords stored anywhere in the system.
100%
Internal admin actions written to an immutable audit log.
Every login
Triggers an alert email with the approximate IP and device.
7 days
Retention window on logs and market data snapshots.
Security questions, answered
They live in a separate encrypted vault. The records you can see only hold a reference, never the value itself. The token is decrypted briefly inside a background service when it needs to call the channel.
No. Every record is tagged with an organization and the database itself filters out everything that doesn't belong to you. Even if our application code had a bug the database would still enforce the boundary.
Passwords are the most reused and most phished credential on the internet. Magic links remove that problem entirely. Each link is single-use and the exchange happens on our server, so your inbox becomes the only thing an attacker would have to compromise.
You will get an email the moment a login succeeds with the approximate IP and device. If it wasn't you, write to security@repricing.app and we will kill the session immediately. Internal admin actions on your account are also written to a permanent audit log.
On dedicated infrastructure we manage ourselves, sitting behind a managed CDN that terminates TLS and absorbs abusive traffic. Records and uploads are encrypted at rest. Payments go through Stripe.
Yes. Send vulnerability reports, compliance questions, or anything suspicious on your account to security@repricing.app. We respond within one business day. Critical reports get a same-day reply.
Ready to automate your pricing?
Join sellers who stopped adjusting prices manually and let the platform do the work for you.
Start for freeNo credit card required. 30-day free trial.