PixelsClearedPixelsCleared

Security Practices

Last updated: June 1, 2026

Encryption

  • HTTPS everywhere — all connections are encrypted with TLS
  • Encryption at rest — sensitive data is encrypted in the database
  • Secure password handling — passwords are never stored in plain text

Access Control

  • Limited access — scan data is accessible only to the account owner
  • Role-based access — team accounts use role-based permissions
  • Audit logs — every mutation is logged with user, action, and timestamp

Data Minimization

  • We do not store POST request bodies by default
  • We do not store form field values, emails, or personal data found in scanned pages
  • Screenshots and HAR files are stored only for paid reports

Infrastructure

  • Databases run in isolated containers with restricted network access
  • Object storage uses S3-compatible encryption
  • Secrets are managed through HashiCorp Vault
  • Regular security updates applied to all dependencies

Incident Response

If a security incident occurs, we will notify affected users within 72 hours. Security incidents are investigated, documented, and resolved with corrective actions.

Vulnerability Reporting

If you discover a security vulnerability in PixelsCleared, please report it responsibly to security@pixelscleared.com. We appreciate responsible disclosure and will respond within 48 hours.