Security at PinkSpider.

How PinkSpider protects your data: encryption in transit and at rest, access controls, and continuous monitoring built in from day one.

Data encrypted at rest and in transit

All data in transit is protected with TLS. Sensitive personal data is encrypted at the field level using AES-256-GCM before storage. Passwords are hashed using bcrypt and are never stored or logged in recoverable form.

Role-based access with granular permissions

Every user is assigned a role that determines exactly what they can see, create, edit, and approve. Permissions are enforced server-side on every request. Resource-level authorization verifies ownership and team membership before granting access to any submission, document, campaign, or file.

Your data is never shared across organizations

Every data query is strictly scoped to the authenticated company. Cross-tenant data access is architecturally prevented at the storage layer. External-facing identifiers use randomly generated UUIDs rather than sequential IDs.

Built-in protection against common attack vectors

All state-changing requests are protected by CSRF tokens. Rate limiting is applied across all endpoints using a sliding-window approach. Session validity is re-verified against the database during active sessions.

Contact security

Found a vulnerability or have a question about our security practices? Reach us at security@pinkspider.ai.

Privacy Policy Contact