Security at Chartcastr
Security is not a feature; it's our foundation. We maintain rigorous standards to protect your data.
Infrastructure & Network Security
Our infrastructure is built on world-class cloud providers including Vercel, Railway, and Google Cloud Platform. All traffic to and from Chartcastr is encrypted using TLS 1.2 or higher, with HTTPS enforced globally via HSTS preloading. We consistently maintain an A+ rating on SSL Labs, ensuring that your connection is always secure.
To protect against common web vulnerabilities, we send strict Content Security Policy (CSP) headers. By restricting the origins from which scripts, styles, and other resources may be loaded, these headers block cross-site scripting (XSS) and other code injection attacks that rely on pulling attacker-controlled content into the page.
Compliance & Certification
CASA Type 2 Certified
Chartcastr is CASA (Cloud Application Security Assessment) certified through the App Defense Alliance. This Tier 2 certification involves a rigorous independent assessment of our security posture, validating our commitment to protecting enterprise-grade customer data.
We are currently in the process of our SOC 2 Type 1 audit, with completion targeted for later this year. We maintain all necessary controls and documentation required for enterprise compliance. Security questionnaires and audit reports are available to enterprise customers upon request.
Data Protection & Privacy
Data at rest is protected using industry-standard AES-256 encryption. This includes all database backups, storage buckets, and sensitive application data. Our PostgreSQL databases are account-scoped, ensuring strict isolation between different organizations.
We practice data minimization: we only collect and store the data necessary to provide our service. For example, Google Sheets data is fetched on-demand for analysis and is not permanently stored on our servers.
Transient Image Storage: Generated chart images are stored in Cloudflare R2 with signed, time-limited URLs. These images automatically expire and are permanently deleted within 24 hours of generation.
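The signed, time-limited URL scheme described above, as an added illustration (this is not Chartcastr's code, and the signing key, base URL, object path, and function names are all constructed for the example): the server signs the object path together with an expiry timestamp using HMAC-SHA256, and any request is rejected if the signature does not match or the expiry has passed. The signature is checked before the expiry so that neither a forged nor an expired link is served.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strconv"
	"time"
)

// signingKey is a constructed placeholder for this example; a real service loads
// the key from a secret store and rotates it, never hard-codes it.
var signingKey = []byte("constructed-example-key-do-not-use")

// canonical is the exact byte string that gets signed: the object path and the
// expiry, joined with a separator so the two fields cannot be confused.
func canonical(objectPath string, expires int64) string {
	return objectPath + "\n" + strconv.FormatInt(expires, 10)
}

// SignURL returns a link to objectPath that is valid for ttl, measured from now.
func SignURL(base, objectPath string, ttl time.Duration, now time.Time, key []byte) string {
	expires := now.Add(ttl).Unix()
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(canonical(objectPath, expires)))
	sig := hex.EncodeToString(mac.Sum(nil))

	q := url.Values{}
	q.Set("expires", strconv.FormatInt(expires, 10))
	q.Set("sig", sig)
	return base + objectPath + "?" + q.Encode()
}

// VerifyURL validates a link produced by SignURL and returns the object path it
// grants access to. Signature is checked first (constant-time), then expiry.
func VerifyURL(raw string, now time.Time, key []byte) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	expires, err := strconv.ParseInt(u.Query().Get("expires"), 10, 64)
	if err != nil {
		return "", errors.New("missing or malformed expires parameter")
	}
	got, err := hex.DecodeString(u.Query().Get("sig"))
	if err != nil {
		return "", errors.New("malformed signature")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(canonical(u.Path, expires)))
	if !hmac.Equal(mac.Sum(nil), got) {
		return "", errors.New("bad signature")
	}
	if now.Unix() > expires {
		return "", errors.New("link expired")
	}
	return u.Path, nil
}

func main() {
	now := time.Now()
	link := SignURL("https://charts.example", "/charts/abc123.png", time.Hour, now, signingKey)
	fmt.Println("signed link:", link)
	path, err := VerifyURL(link, now.Add(30*time.Minute), signingKey)
	fmt.Println("verify after 30m:", path, err)
	_, err = VerifyURL(link, now.Add(2*time.Hour), signingKey)
	fmt.Println("verify after 2h:", err)
}
```

Note that the signature binds the path and the expiry together; changing either field, or presenting a link signed under a different key, fails verification. The 24-hour deletion the page describes is a separate control: even a link that is still within its window cannot serve an object that has already been removed from the bucket.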
Authentication & Access Control
Chartcastr uses Clerk for enterprise-grade authentication. We support multi-factor authentication (MFA), secure session management, and single sign-on (SSO) for enterprise teams. All sensitive credentials, including OAuth tokens for Google and Slack, are encrypted at the application layer before being committed to our database.
Our role-based access control (RBAC) ensures that members within your organization only have access to the resources they are authorized to see. We maintain strict internal access controls, ensuring that no Chartcastr personnel can access customer data without explicit authorization and a clear audit trail.
Secure Development Lifecycle
Our development process is designed with security in mind. Every code change undergoes rigorous peer review and automated security scanning before being deployed. We maintain isolated development, staging, and production environments to ensure that data is never exposed during testing.
We continuously monitor our systems for anomalies and potential threats. Our incident response plan ensures that we can quickly identify, contain, and resolve any security issues that may arise.
Questions or Vulnerability Reports?
If you believe you've found a security vulnerability or have questions about our security posture, please contact our security team immediately.