Security First

All sensitive data is encrypted at rest using AES-256 and in transit via TLS 1.3. We enforce HSTS to ensure browsers only interact with Vouch over secure connections.

We use one-way hashing (SHA-256) for email addresses before storage. This means we can detect fraud patterns without ever storing raw PII (Personally Identifiable Information) in plain text.

Our infrastructure runs on Cloudflare's global edge network and Supabase, inheriting world-class physical security, DDoS protection, and compliance certifications (SOC 2, ISO 27001).

We are fully compliant with GDPR and CCPA. We offer Data Processing Agreements (DPAs) to all enterprise customers and provide tools for Right to Erasure requests.