Security at every layer
Your seller accounts and pricing data are critical. We protect them with database-level isolation, encrypted credentials, passwordless auth, and granular access control.
Six layers of protection, from database to edge
Security is not a feature we bolted on. It is built into the database schema, the authentication flow, the API layer, and the infrastructure. Every layer enforces its own rules independently.
01
Database-level isolation on every table
Every database query is scoped to your organization through built-in security policies. There is no application-level filtering that could be bypassed. Your listings, strategies, pricing history, and channel data are isolated at the database engine level.
02
Encrypted credentials
Your channel credentials (tokens, secrets) are stored with envelope encryption. Your database row holds a reference key, never the secret itself. Only authorized background services can decrypt credentials, and only at the moment of use.
03
Passwordless authentication
No passwords exist in the system. Authentication uses email magic links with a secure code exchange. The link is single-use, the exchange happens server-side, and the resulting session is stored in secure, HTTP-only cookies.
04
Role-based access control
Four roles (owner, admin, manager, analyst) with 22+ granular permissions enforced at every layer: server-side guards, database policies, and the user interface. Roles cascade. Analysts are read-only. Only owners manage billing and delete channels.
05
Distributed rate limiting
Three independent rate limit layers: login attempt limits, server-side throttling on sensitive operations, and per-account controls for marketplace API calls set to 85% of published limits. Throttled requests are requeued with delay, never retried immediately.
06
End-to-end encryption
TLS 1.3 on every connection. AES-256 encryption at rest on all database storage. Credentials use additional envelope encryption. HSTS headers prevent protocol downgrades.
Passwordless by design
No passwords to steal, phish, or brute-force. Magic link authentication with secure code exchange, server-side session management, and proactive login monitoring.
Secure Code Exchange
Magic link tokens use a secure code exchange flow. The authorization code is verified server-side, never exposed to the browser. Token hashes in email links prevent interception from server logs.
Session Management
Sessions are stored in secure, HTTP-only cookies that cannot be accessed by JavaScript. Sessions refresh transparently on every request. Session lifetime is 1 hour with automatic renewal.
Ban Enforcement
Two-layer ban check: validated on every request, and re-checked after login. Banned users are signed out immediately and redirected to a static page.
Login Notifications
Every successful login triggers an email notification with the IP address, browser, and timezone. If you did not initiate the login, you know immediately.
Captcha Protection
Cloudflare Turnstile challenge on the login form prevents automated login attempts and credential stuffing. The challenge is invisible to real users in most cases.
Open Redirect Prevention
Post-login redirects are sanitized to reject absolute URLs and external paths. Only relative paths within the application are allowed, preventing phishing attacks via redirect manipulation.
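The redirect check described above, sketched as an added example (not the platform's own code). The function name, the fallback path `/dashboard` and the placeholder origin are assumptions; the sample inputs are constructed.

```javascript
// Added example: hypothetical post-login redirect sanitizer.
const FALLBACK = "/dashboard";      // assumed default landing path
const BASE = "https://app.invalid"; // placeholder origin, used only for parsing

function safeRedirectPath(raw, fallback = FALLBACK) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return fallback;
  // Only single-slash relative paths: rejects "https://...", "//host" and "javascript:...".
  if (!raw.startsWith("/") || raw.startsWith("//")) return fallback;
  // Browsers treat "\" like "/" and URL parsers strip tab/CR/LF, so either can
  // turn an innocent-looking path into a protocol-relative URL.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return fallback;
  let url;
  try {
    url = new URL(raw, BASE);
  } catch {
    return fallback;
  }
  // Resolution must not have left our origin.
  if (url.origin !== BASE) return fallback;
  const path = url.pathname + url.search + url.hash;
  // Dot-segment removal can produce a leading "//" (e.g. "/..//host"), so check
  // the normalized result as well as the raw input.
  if (path.startsWith("//")) return fallback;
  return path;
}
```

The value returned is the normalized path, so the redirect should use it rather than the original parameter.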
Multi-org isolation enforced at the database level
Every query passes through database security policies. Organization boundaries are enforced by the database engine, not application code. Even a bug in our application cannot bypass the isolation.
Organization Boundaries
Every row in every table is tied to your organization. Database security policies verify that the requesting user belongs to that organization before any data is returned. There is no way to query another organization's data.
Backend Separation
Background services that process data across organizations (like billing and sync) use a separate privileged connection that never reaches the frontend. Internal operations are verified with a dedicated key using constant-time comparison.
Admin Audit Trail
Every admin action (ban user, toggle permissions, pause services) is logged to an immutable audit table with the admin user, action type, target organization, and timestamp. Retention is indefinite.
Content Isolation
Published content (help articles, changelogs) is separate from your business data with public read access. Changes require internal admin verification through a dedicated authorization check.
Credential Isolation
Each seller account has its own encrypted secret. Credentials are decrypted only at the moment of use by the specific service processing that account. No batch decryption, no credential caching.
Concurrency Protection
Critical operations like credential updates, plan changes, and concurrent repricing use database-level locks to prevent race conditions. Locks are automatically released when the operation completes.
SOC 2 compliant from database to edge
Every provider in the stack is SOC 2 Type II certified or PCI DSS compliant. Secrets are injected at runtime, never committed to code.
Database & Auth
Database, authentication, storage, encrypted vault, and real-time updates. SOC 2 Type II compliant. Hosted on AWS with AES-256 encryption at rest and point-in-time recovery.
Edge Network
Frontend and server-side logic on a global edge network. SOC 2 Type II compliant. TLS 1.3 enforced. HSTS headers. Automatic DDoS protection at the edge layer.
Background Processing
Background services with environment-level secret injection. Services run in isolated containers with no inbound network access. Secrets are never committed to code.
Payment Processing
All payment processing handled by Stripe, PCI DSS Level 1 compliant. Credit card numbers never touch our servers. Webhook signatures are verified with constant-time comparison.
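Webhook signature verification with a constant-time comparison, as an added example (not the platform's own code). It follows Stripe's documented `Stripe-Signature` scheme (`t=<timestamp>,v1=<HMAC-SHA256 hex>` over `<timestamp>.<raw body>`); the function names and the 300-second tolerance are assumptions.

```javascript
// Added example (not the platform's code). Function names and tolerance are assumptions.
const crypto = require("node:crypto");

const TOLERANCE_SECONDS = 300; // assumed replay window

// Stripe signs "<timestamp>.<raw body>" with HMAC-SHA256 under the endpoint secret.
function signPayload(secret, timestamp, rawBody) {
  return crypto.createHmac("sha256", secret)
    .update(`${timestamp}.${rawBody}`, "utf8")
    .digest("hex");
}

function verifyStripeSignature(rawBody, header, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  if (typeof header !== "string") return false;
  let timestamp = "";
  const candidates = [];
  for (const part of header.split(",")) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const key = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (key === "t") timestamp = value;
    else if (key === "v1") candidates.push(value);
  }
  if (!/^\d+$/.test(timestamp) || candidates.length === 0) return false;
  // Reject stale or future-dated events so a captured request cannot be replayed later.
  if (Math.abs(nowSeconds - Number(timestamp)) > TOLERANCE_SECONDS) return false;

  const expected = Buffer.from(signPayload(secret, timestamp, rawBody), "hex");
  let valid = false;
  for (const candidate of candidates) {
    // timingSafeEqual throws on unequal lengths, so only 32-byte hex digests reach it.
    if (!/^[0-9a-f]{64}$/i.test(candidate)) continue;
    if (crypto.timingSafeEqual(Buffer.from(candidate, "hex"), expected)) valid = true;
  }
  return valid;
}
```

`rawBody` must be the request body exactly as received; re-serializing parsed JSON changes the bytes and the signature will not match.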
Error Monitoring
Error monitoring with environment-aware sampling. Frontend and backend errors are captured with user context but without raw credentials. Accurate stack traces for fast resolution.
Email Delivery
Transactional email delivery for login notifications, incident alerts, and billing emails. Every email is logged with category, recipient, and delivery status for audit purposes.
Security built into every step of development
Automated audits, strict type checking, structured logging, and proactive incident response. Security is a process, not a checklist.
01
Security audits on every change
Every database schema change runs automated security and performance audits. New tables require security policies before the change is considered complete.
02
Strict type checking
Strict type checking across the entire codebase, both frontend and backend. Type errors block deployment. No shortcuts, no escape hatches.
03
Dependency auditing
Automated security patches and dependency updates. Lock files pinned. No wildcard versions. Supply chain integrity verified before deployment.
04
Incident response
User-facing incidents (auth failures, sync errors, billing issues) are created automatically with severity levels, clear messages, and action URLs. Incidents trigger email notifications and auto-resolve when the condition clears.
05
System observability
Structured logging and error tracking across all services. Background services report health status every 30 seconds. Stale services are detected and flagged within 5 minutes.
06
Data minimization
We access only the data needed to provide the service. Logs are retained for 7 days and cleaned automatically. Market data snapshots expire after 7 days. You can delete your account and all associated data at any time.
Real numbers from the security implementation
41
Database tables with security policies enabled
22+
Granular permissions mapped to 4 access roles
3
Independent rate limiting layers
0
Passwords stored in the system
7 days
Log and snapshot retention
100%
Admin actions logged to immutable audit trail
Security questions, answered
Your channel credentials (tokens, secrets, app IDs) are stored with envelope encryption. Your database row only holds a reference key, never the secret itself. Credentials are decrypted only at the moment of use by authorized background services.
No. Every database table has security policies that scope queries to your organization. This is enforced at the database engine level, not the application level. Even if there were a bug in our code, the database would still enforce the boundary.
Passwords are the most common attack vector: phishing, credential stuffing, reuse, weak choices. Magic links eliminate all of these. Each link is single-use, the token hash prevents interception, and the exchange happens server-side. Your email provider becomes your authentication factor.
Every login triggers an email notification with the IP address, browser, and timezone. If you did not initiate the login, contact us immediately. We can ban the session, and the two-layer ban enforcement ensures the attacker is signed out on their next request.
Database and authentication on AWS, frontend on a global edge network, background services on isolated cloud infrastructure. All providers are SOC 2 Type II compliant. All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
Yes. For security questions, vulnerability reports, or compliance documentation requests, reach out to security@repricing.app. We respond to security reports within 24 hours.