Security & Data Protection

How we protect your financial data and ensure platform security

🔒 Your Data Security is Our Priority

DealVelo employs enterprise-grade security measures to protect your sensitive financial data. All data is encrypted in transit and at rest, hosted on AWS infrastructure in secure US data centers, and protected by industry-standard authentication and access controls.

End-to-End Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

AWS Infrastructure

Hosted on Amazon Web Services with SOC 2, ISO 27001, and HIPAA compliance certifications.

24/7 Monitoring

Continuous security monitoring, threat detection, and automated intrusion prevention.

Data Encryption

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using:

TLS 1.3: The latest and most secure transport layer security protocol
Perfect Forward Secrecy: Each session uses unique encryption keys
HSTS: Enforced HTTPS to prevent downgrade attacks
Certificate Pinning: Additional validation of SSL certificates

Encryption at Rest

All stored data is encrypted using:

AES-256 Encryption: Military-grade encryption for all database records
AWS KMS: Encrypted encryption keys managed by AWS Key Management Service
Encrypted Backups: All backups are encrypted before storage
Secure File Storage: Documents and uploads encrypted in S3 with server-side encryption

Authentication & Access Control

User Authentication

AWS Cognito: Enterprise-grade authentication service
Bcrypt Password Hashing: Passwords hashed with high-cost salt rounds (never stored in plaintext)
Multi-Factor Authentication (MFA): Optional TOTP-based 2FA for additional security
Session Management: Secure, short-lived JWT tokens with automatic expiration
Brute Force Protection: Automatic account lockout after failed login attempts

Access Control

Role-Based Access Control (RBAC): Strict permissions and access policies
Principle of Least Privilege: Users and services only have minimum required permissions
API Authentication: All API requests require valid authentication tokens
Rate Limiting: Protection against API abuse and DDoS attacks

Infrastructure Security

AWS Cloud Security

DealVelo is hosted on Amazon Web Services (AWS), which provides:

Data Centers: Secured facilities with 24/7 physical security and monitoring
Network Isolation: VPC (Virtual Private Cloud) with private subnets and security groups
DDoS Protection: AWS Shield Standard for automatic DDoS mitigation
Compliance Certifications: SOC 1/2/3, ISO 27001, PCI DSS Level 1, HIPAA, and more
US-Based Servers: All data stored in AWS US-East-2 (Ohio) region

Application Security

Secure Code Practices: Regular code reviews and security audits
Input Validation: All user input sanitized to prevent injection attacks
CSRF Protection: Cross-Site Request Forgery tokens on all forms
XSS Prevention: Content Security Policy (CSP) headers and output encoding
SQL Injection Protection: Parameterized queries and ORM frameworks
Dependency Scanning: Automated vulnerability scanning of third-party libraries

Monitoring & Incident Response

Security Monitoring

AWS CloudWatch: Real-time monitoring of all infrastructure and application metrics
CloudTrail Logging: Complete audit trail of all API calls and user actions
Intrusion Detection: Automated alerts for suspicious activity patterns
Error Tracking: Comprehensive logging of errors and exceptions

Incident Response

In the event of a security incident, we have established procedures to:

Immediately contain and investigate the incident
Notify affected users within 72 hours (as required by GDPR)
Implement corrective measures to prevent recurrence
Conduct post-incident review and update security policies

Data Backup & Recovery

Automated Backups: Daily encrypted backups of all database data
Point-in-Time Recovery: Ability to restore data to any point within the last 35 days
Geographic Redundancy: Backups stored across multiple AWS Availability Zones
Disaster Recovery Plan: Tested procedures for rapid service restoration
Backup Encryption: All backups encrypted at rest using AES-256

Payment Security

Stripe Payment Processing:

PCI DSS Level 1 Compliance: Stripe is certified to the highest level of payment security
Tokenization: Credit card details never touch our servers (handled entirely by Stripe)
3D Secure: Additional authentication layer for online payments
Fraud Detection: Stripe Radar machine learning-based fraud prevention

We never store, process, or have access to your full credit card information. All payment data is handled securely by Stripe.

Privacy & Data Handling

Data Minimization: We only collect data necessary for platform functionality
No Data Selling: We NEVER sell your data to third parties
GDPR Compliant: Full compliance with EU data protection regulations
CCPA Compliant: California Consumer Privacy Act compliance
Data Deletion: Complete data removal within 30 days of account deletion request

🔍 Transparency

For complete details on how we collect, use, and protect your data, please review our Privacy Policy.

Third-Party Security

We work only with trusted, industry-leading service providers who maintain high security standards:

Amazon Web Services (AWS)

• SOC 1/2/3, ISO 27001, PCI DSS Level 1, HIPAA compliance
• Physical data center security with 24/7 monitoring
• Network isolation and DDoS protection

Stripe (Payment Processing)

• PCI DSS Level 1 certified (highest security level)
• Tokenization ensures we never see your card details
• Advanced fraud detection and prevention

OpenAI (AI Features)

• Data sent only when you explicitly use AI features
• Data anonymized before processing
• Does not train models on your data per OpenAI API terms

Responsible Disclosure

If you discover a security vulnerability in DealVelo, please report it responsibly:

🛡️ Security Disclosure

Email: security@dealvelo.com

Please include:
• Description of the vulnerability
• Steps to reproduce the issue
• Potential impact assessment
• Your contact information (for follow-up)

We will acknowledge receipt within 48 hours and provide a resolution timeline.

Security Best Practices for Users

You play an important role in keeping your account secure. We recommend:

Strong Passwords: Use unique, complex passwords (minimum 12 characters, mix of letters, numbers, symbols)
Enable MFA: Turn on Multi-Factor Authentication in your account settings
Log Out: Always log out when using shared or public computers
Verify Emails: Be cautious of phishing emails—we'll never ask for your password via email
Keep Software Updated: Use the latest browser version for best security
Monitor Activity: Review your account activity regularly for any suspicious actions

Questions About Security

For security questions or concerns, please contact us:

Security Team: security@dealvelo.com
General Support: support@dealvelo.com
Privacy Inquiries: privacy@dealvelo.com

Home Privacy Policy Terms of Service Cookie Policy