Security & Compliance

Enterprise-grade infrastructure.
Transparent by design.

SafeScore is built on proven, enterprise-grade cloud infrastructure. Here is exactly what we use and how your data is protected.

Infrastructure

What we run on

Hosting
Netlify CDN
Global edge network with 99.99% uptime SLA. Automatic HTTPS, atomic deploys, and DDoS-resilient delivery.
API Backend
Railway
Managed cloud infrastructure, US-based. Isolated compute environments with automatic scaling and health monitoring.
Database
Supabase
PostgreSQL with Row-Level Security enabled on all tables. Managed backups and point-in-time recovery.
DNS & DDoS
Cloudflare
Enterprise DDoS mitigation, Web Application Firewall (WAF), and global Anycast DNS routing.

Data Security

How your data is protected

TLS in Transit

All data in transit is encrypted using TLS 1.2 or higher. All API endpoints are HTTPS-only. Plain HTTP requests are automatically redirected to HTTPS.

Encryption at Rest

Database records are encrypted at rest using AES-256. No unencrypted sensitive data is stored anywhere in the stack.

No PII in API Responses

SafeScore API responses contain only address-based risk scores and category data. No personally identifiable information is returned in API responses or stored in API logs.

Row-Level Security

Supabase Row-Level Security (RLS) is enabled on all database tables. Database-level access controls ensure each user can only access their own data.

Data Practices

What we do and do not do with data

  • SafeScore does not sell user data to third parties — ever.
  • API query addresses are not stored permanently. They are used only to compute the requested score and are discarded after the response is returned.
  • No behavioral tracking beyond standard analytics. SafeScore uses Google Analytics 4 (GA4) for aggregate usage data. No session recording, keystroke logging, or third-party behavioral tracking is in use.
  • User email addresses are stored only for account management and product communications. They are never shared with advertisers or data brokers.
  • All data handling practices are described in full in the Privacy Policy at getsafescore.com/privacy/.

Uptime & Reliability

Availability commitments

99.5%
API uptime target (monthly)
99.99%
CDN uptime (Netlify SLA)
On-demand
Score computation — real-time against live sources
24 hrs
Enterprise support response commitment

Scores are computed on-demand against live data sources at the time of request. Source data update frequencies vary by agency. See the data freshness table on the enterprise page for current update schedules by source.

Enterprise clients receive priority support via safescore@getsafescore.com with a 24-hour response commitment during business days.

Compliance Posture

Where we stand

Area                          Status
HTTPS enforcement             Active
Data encryption in transit    TLS 1.2+
Data encryption at rest       AES-256
PII in API responses          None
Third-party data resale       None
US-based infrastructure       Yes
Privacy Policy                Published
Terms of Service              Published
GDPR/CCPA notices             Published in Privacy Policy
SOC 2                         Not yet certified
HIPAA                         Not applicable

Note on SOC 2: SafeScore is not currently SOC 2 certified. Enterprise clients with SOC 2 requirements should contact safescore@getsafescore.com to discuss their specific compliance needs. We are happy to provide security documentation and answer questionnaires on a case-by-case basis.

Security questions or enterprise compliance requirements?

Contact us directly. We respond to security inquiries and enterprise compliance questionnaires by email.

safescore@getsafescore.com