Security

Document Version: 1.1
Last Updated: June 12, 2025

Overview

Pricemaster has been designed with security, performance, and data integrity at its core. This document outlines the technical and security measures implemented to ensure the confidentiality, integrity, and availability of customer data, as well as the shared responsibilities between us (the application provider) and the underlying server infrastructure provider.


Server Security

Pricemaster is hosted on secure, enterprise-grade cloud servers that follow a shared responsibility security model. This means that while the server provider is responsible for securing the underlying infrastructure, we maintain responsibility for securing the application stack, access controls, and customer data.

Server-Side Security Responsibilities

Physical & Environmental Security

  • Secure data centers with 24/7 surveillance and access control.
  • Environmental safeguards including fire detection, water leakage monitoring, and HVAC systems.
  • Disaster recovery and failover capabilities across multiple regions.

Network & Infrastructure Security

  • Built-in DDoS protection to mitigate common attack vectors.
  • Hardware and software firewalls to guard internal systems.
  • Intrusion Detection & Prevention Systems (IDPS) on network edges.

Disk Encryption

  • All storage volumes are encrypted at rest using strong encryption algorithms.
  • Snapshots and backups are also encrypted.

Compliance & Certifications

  • Data centers are compliant with PCI DSS, SOC 2, and ISO 27001 standards.
  • Regular audits are conducted to maintain certification status.

Application Security Testing (Server Tools)

  • Regular vulnerability assessments on server management tools.
  • Penetration testing conducted by the server provider’s security team.

Client-Side Responsibilities

Application Security

  • Our development team follows OWASP guidelines for secure coding practices.
  • We implement regular patching of application libraries and core components.
  • We use input validation and output sanitization to prevent injection attacks.

Access Control

  • Customer administrators manage user roles and permissions.
  • Access to backend servers is secured using SSH keys or strong passwords only.
  • All sessions are secured via HTTPS using TLS 1.3.

Network Security

  • Configurable IP whitelisting and application-level firewalls.
  • Rate-limiting and bot protection mechanisms are in place.

Monitoring & Auditing

  • Logs are monitored for suspicious behavior and retained for audit purposes.
  • Real-time monitoring and alerting for login anomalies or potential intrusions.

Application Data Security

We take extensive measures to protect sensitive customer data both in transit and at rest.

Database & Field-Level Encryption

  • MySQL Encryption is used to secure the database at the storage level.
  • Sensitive data fields (e.g., cost prices, sales figures, stock levels) are encrypted using a hybrid encryption model:
      • Asymmetric Encryption (RSA) for key exchanges.
      • Symmetric Encryption (AES-256) for efficient data handling.
  • These fields are encrypted with keys derived from the user's password hash, which is stored using BCRYPT for maximum protection.

Data Visibility Controls

  • Internal staff (including support and development teams) cannot access sensitive fields such as cost prices and sales figures.
  • Access to business-critical data is restricted and logged, with all encryption keys handled securely.

Authentication & Account Security

  • Two-Factor Authentication (2FA) is available for all accounts. The default method is email-based verification, with optional support for authenticator apps (upon request).
  • Brute-force protections and rate limits are in place on login endpoints.
  • All passwords are stored using BCRYPT hashing with a configurable work factor to adapt to current CPU capabilities.

Compliance, Backups & Uptime

  • Daily encrypted backups with multi-region redundancy.
  • 99.9% uptime SLA supported by server provider infrastructure and our own monitoring.
  • GDPR-compliant data processing and retention policies.

Ongoing Improvements

We continually invest in improving our application’s security posture through:

  • Routine penetration testing by third-party firms.
  • Code audits and automated dependency vulnerability scans.
  • A public Responsible Disclosure Policy to encourage ethical hacking practices.

Contact & Support

If you have specific security concerns or require additional information regarding compliance, data handling, or penetration test reports, please contact our support or security team:

[email protected]