PriceFox

Security Policy

Last Updated: May 17, 2025

1. Introduction

At PriceFox, we take the security of your data very seriously. This Security Policy outlines the measures we take to protect your information and ensure the integrity of our services. Our security practices are designed to provide a secure environment for all users while maintaining compliance with industry standards and regulations.

2. Authentication & Access Control

We utilize Clerk, a specialized authentication provider, to handle user authentication and identity management. This partnership allows us to implement:

  • Multi-factor authentication (MFA) to verify user identities
  • Secure password policies and regular credential rotation
  • Role-based access control to limit data access to authorized personnel only
  • Session management with automatic timeouts for inactive sessions
  • Secure authentication tokens with appropriate expiration periods

3. Data Protection

We implement multiple layers of data protection:

  • Encryption of data in transit using TLS/SSL protocols
  • Encryption of sensitive data at rest
  • Regular security assessments and vulnerability scanning
  • Secure backup procedures with encryption
  • Data minimization principles to collect only necessary information

4. Infrastructure Security

Our application is built on Cloudflare's secure infrastructure, which provides:

  • DDoS protection to prevent service disruptions
  • Web Application Firewall (WAF) to filter malicious traffic
  • Network-level security controls and intrusion detection
  • Regular security updates and patch management
  • Global content delivery network with edge security
  • Physical security measures at all data centers

5. Application Security

Our development practices incorporate security at every stage:

  • Secure coding practices and regular code reviews
  • Protection against common web vulnerabilities (OWASP Top 10)
  • Input validation and output encoding to prevent injection attacks
  • Regular security testing, including penetration testing
  • Continuous monitoring for suspicious activities

6. Security Incident Response

We have established procedures for managing security incidents:

  • A dedicated incident response team
  • Documented incident response procedures
  • Regular testing of incident response plans
  • Timely notification to affected users in case of a data breach
  • Post-incident analysis to prevent future occurrences

7. Employee Security

Our security measures extend to our team:

  • Background checks for all employees with access to sensitive systems
  • Regular security awareness training
  • Principle of least privilege for system access
  • Secure access methods for remote work
  • Clear off-boarding procedures when employees leave

8. Compliance

We adhere to relevant security standards and regulations:

  • GDPR compliance for data protection
  • Regular security audits and assessments
  • Vendor security assessments for third-party services
  • Industry-standard security practices

9. Security Updates

We continuously improve our security measures:

  • Regular updates to security protocols
  • Monitoring of emerging security threats
  • Implementation of enhanced security features as they become available

10. User Responsibilities

While we implement robust security measures, security is a shared responsibility. We recommend that users:

  • Use strong, unique passwords
  • Enable multi-factor authentication when available
  • Keep their devices and software updated
  • Be cautious of phishing attempts
  • Report any suspicious activities or potential security issues

11. Contact Information

For security-related inquiries or to report a security concern, please contact our security team at:

Email: security@pricefox.app

12. Changes to This Security Policy

We may update our Security Policy from time to time. We will notify you of any changes by posting the new Security Policy on this page and updating the "Last Updated" date.