Security at Biz Reputation

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption. API communications use HTTPS exclusively. Database connections are encrypted end-to-end. We never store raw credit card numbers — all payment data is processed securely by Stripe (PCI-DSS Level 1 certified).

Biz Reputation undergoes annual SOC 2 Type II audits covering security, availability, and confidentiality trust service criteria. Our security controls are independently verified by a third-party auditor. Contact [email protected] to request a copy of our latest SOC 2 report.

We comply with GDPR, CCPA, and the Utah Consumer Privacy Act (UCPA). We do not sell personal data. AI processing data is not used to train models. Google Business Profile data usage complies with Google's Limited Use requirements. See our Privacy Policy for full details.

Our platform runs on enterprise-grade cloud infrastructure with automatic failover, daily encrypted backups, and 99.9% uptime SLA. All production systems are monitored 24/7 with automated alerting. Database backups are encrypted and stored in geographically separate regions.

We enforce role-based access control (RBAC) throughout the platform. All employee access to production systems requires multi-factor authentication and is logged for audit purposes. Access reviews are conducted quarterly. The principle of least privilege is applied to all internal systems.

We maintain a documented incident response plan with defined severity levels, escalation procedures, and communication templates. In the event of a security incident affecting customer data, we will notify affected customers and applicable regulators within the timeframes required by law.

Responsible Disclosure

If you discover a security vulnerability, please report it responsibly to [email protected]. We ask that you give us reasonable time to investigate and address the issue before public disclosure. We do not pursue legal action against researchers who report vulnerabilities in good faith.