Security

At Paxit, security is a top priority. We are committed to protecting your data and maintaining the trust you place in us.

Our Security Commitment

We understand that your team's data is sensitive. That's why we've built Paxit with security at its core, implementing industry best practices and continuously improving our security posture.

Infrastructure Security

  • Cloud Infrastructure

    Paxit is hosted on industry-leading cloud providers with SOC 2 Type II certification and robust physical security measures.

  • Network Security

    We employ firewalls, intrusion detection systems, and DDoS protection to safeguard our infrastructure.

  • High Availability

    Our systems are designed for redundancy and failover to ensure continuous availability of your data.

Data Protection

  • Encryption in Transit

    All data transmitted between your browser and our servers is encrypted using TLS 1.3.

  • Encryption at Rest

    All stored data is encrypted using AES-256 encryption to protect against unauthorized access.

  • Regular Backups

    Automated daily backups ensure your data can be recovered in case of any incident.

Application Security

  • Secure Authentication

    We use secure password hashing (bcrypt) and support OAuth 2.0 for Slack integration.

  • Session Management

    Secure session handling with automatic expiration and the ability to revoke sessions.

  • Input Validation

    All user inputs are validated and sanitized to prevent injection attacks and XSS vulnerabilities.

Access Controls

  • Principle of Least Privilege

    Team members only have access to the data and features they need for their role.

  • Role-Based Access Control

    Granular permissions allow administrators to control who can access and modify data.

  • Audit Logging

    Comprehensive logging of security-relevant events for monitoring and compliance.

Compliance & Data Residency

  • GDPR Compliant by Design

    While we don't hold formal certifications, Paxit is built with privacy at its core. We follow GDPR principles including data minimization, purpose limitation, and privacy by design in every aspect of our service.

  • EU Data Storage

    All your data is stored exclusively within the European Union. Your data never leaves EU borders, ensuring it remains protected under EU data protection laws.

  • EU-Based Infrastructure

    We prioritize EU-based service providers and infrastructure wherever possible, minimizing reliance on non-EU vendors and maintaining data sovereignty.

  • Data Processing Agreement

    We offer a DPA for organizations that require one. See our DPA page for details.

Security Practices

  • Security Reviews

    Regular security assessments and code reviews to identify and address vulnerabilities.

  • Dependency Management

    Automated scanning and timely updates of third-party dependencies.

  • Incident Response

    Documented procedures for responding to and recovering from security incidents.

Report a Vulnerability

We appreciate the work of security researchers. If you discover a security vulnerability, please report it responsibly by contacting us at [email protected]. We will investigate all legitimate reports and work to address issues promptly.