Security at PryceScan
Your pricing data is sensitive. We treat it that way. Here is how we protect your business information at every layer.
Encryption everywhere
All data is encrypted at rest using AES-256 and in transit using TLS 1.3. API keys are stored as SHA-256 hashes. Database credentials are rotated regularly and never stored in application code.
Complete data isolation
Every organisation's data is fully isolated. All database queries are scoped by organisation ID at the application layer. Row-level security policies provide an additional safeguard against cross-tenant data access. Your competitor data, pricing rules, and team information are never visible to other customers.
Managed infrastructure
PryceScan runs on enterprise-grade managed infrastructure with automatic failover, daily backups, and 99.9%+ uptime across all services. Our providers maintain SOC 2 compliance, and all data is hosted in regions with strong data protection regulations.
Secure authentication
PryceScan uses industry-standard OAuth 2.0 for authentication. Sessions are managed with secure, HTTP-only cookies. API access uses hashed bearer tokens with configurable permission levels. Enterprise customers can enable SSO via SAML for centralised identity management.
Role-based access
Four permission levels (Admin, Manager, Viewer, Guest) follow the principle of least privilege. API keys support read-only and full-access modes. All access changes are logged in the audit trail. Organisation owners control who can view, edit, and approve pricing decisions.
Data retention and portability
You own your data. Pricing history, competitor data, and configuration are available for export at any time on all paid plans. Data retention periods vary by plan, from 30 days on Basic to unlimited on Enterprise. When you cancel, your data is retained for 30 days before permanent deletion. We comply with GDPR data portability requirements.
Continuous monitoring
All systems are monitored around the clock with automated alerting. We track error rates, latency, and availability across every service. Anomalous access patterns are flagged and investigated. Platform health is visible at status.prycescan.com.
Compliance roadmap
PryceScan is GDPR-compliant with documented data processing agreements available for Enterprise customers. We are actively working toward SOC 2 Type II certification. Our infrastructure providers are SOC 2 certified, and we follow their shared responsibility models for security controls.
Responsible disclosure
If you discover a security vulnerability, please report it to [email protected]. We take all reports seriously, acknowledge receipt within 24 hours, and aim to resolve confirmed issues within 72 hours. We do not pursue legal action against good-faith security researchers.
Questions about security?
Contact us at [email protected] or reach out to your account manager for our detailed security documentation.