Our commitment
Security is foundational to every product we ship. We implement industry-standard controls to protect confidentiality, integrity, and availability of customer data.
Encryption
- In transit: All web traffic uses TLS (HTTPS). API communications are encrypted.
- At rest: TLS in transit; encrypted storage at rest where supported by infrastructure providers
Hosting & infrastructure
Applications are hosted on reputable cloud infrastructure (Vercel / Render) in EU & US regions. We use managed database services with access restricted to authorised personnel only.
Availability
We monitor application health and aim for high availability. Planned maintenance is communicated in advance where possible. For critical issues, contact pwrinnovations@gmail.com.
Access control
- Role-based access within each product
- Strong password requirements for customer accounts
- Principle of least privilege for internal access
Backups & recovery
Production databases are backed up regularly. We maintain recovery procedures to restore service in the event of data loss or infrastructure failure.
Subprocessors
We use trusted third parties to deliver our services:
- Vercel / Render — Application hosting
- PostgreSQL (managed) — Database hosting
- FastSpring / Polar — Payment processing (Merchant of Record)
- Nodemailer / SMTP provider — Transactional email
Report a vulnerability
If you discover a security issue, please report it responsibly to pwrinnovations@gmail.com. We investigate all reports promptly.