Security & Compliance

Our security-first approach across infrastructure, data, and operations.

Every business on Prybase operates in its own isolated database schema. Your data — customers, appointments, billing records, staff — is completely separated from every other tenant on the platform. There is no shared data between accounts.

  • In transit: All communication is encrypted using HTTPS/TLS 1.2+, enforced across all environments.
  • At rest: Sensitive configuration values are encrypted using AES-256 (Fernet) before being stored in the database.
  • Passwords: All user passwords are hashed using PBKDF2 with SHA-256. Plain-text passwords are never stored.
  • Role-based access control (RBAC) — owners, managers, and staff have distinct permission levels.
  • Multi-factor authentication (MFA) is available for platform administrator accounts.
  • Brute-force protection locks accounts after repeated failed login attempts.
  • Hosted on Render with managed TLS, DDoS mitigation, and network-level controls.
  • Database hosted on Neon (PostgreSQL) with connection encryption and automatic backups.
  • Media files stored on Cloudinary with access controls and CDN delivery.
  • All third-party providers are SOC 2 certified or equivalent.
  • Application errors and exceptions are tracked in real time via Sentry.
  • Login activity — including failed attempts — is logged and reviewable by platform administrators.
  • Suspicious activity triggers automated account lockouts and alerts.
  • Affected customers will be notified promptly in the event of a security incident.

Payment processing is handled entirely by Stripe, a PCI DSS Level 1 certified provider. Prybase never stores full card numbers — only your Stripe customer ID and subscription status.

If you discover a security vulnerability, please report it to security@prybase.com. We will acknowledge your report within 48 hours and resolve confirmed issues promptly.