Security at PinkSpider.
How PinkSpider protects your data: encryption in transit and at rest, access controls, and continuous monitoring built in from day one.
Data encrypted at rest and in transit
All data in transit is protected with TLS. Sensitive personal data is encrypted at the field level using AES-256-GCM before storage. Passwords are hashed using bcrypt and are never stored or logged in recoverable form.
Role-based access with granular permissions
Every user is assigned a role that determines exactly what they can see, create, edit, and approve. Permissions are enforced server-side on every request. Resource-level authorization verifies ownership and team membership before granting access to any submission, document, campaign, or file.
Your data is never shared across organizations
Every data query is strictly scoped to the authenticated company. Cross-tenant data access is architecturally prevented at the storage layer. External-facing identifiers use randomly generated UUIDs rather than sequential IDs.
Built-in protection against common attack vectors
All state-changing requests are protected by CSRF tokens. Rate limiting is applied across all endpoints using a sliding-window approach. Session validity is re-verified against the database during active sessions.
Contact security
Found a vulnerability or have a question about our security practices? Reach us at security@pinkspider.ai.
Privacy Policy Contact