Enterprise-Grade Security
Bank-grade encryption and infrastructure designed to protect your most sensitive deal information
Our Security Commitment
At Deal Shield, security isn't an afterthought—it's the foundation of everything we do. We understand that you're trusting us with highly confidential transaction data worth millions of dollars. That's why we've built our platform with the same security standards used by financial institutions and government agencies.
256-bit AES Encryption
All data is encrypted at rest using military-grade 256-bit AES encryption. Data in transit uses TLS 1.3 protocol, ensuring end-to-end protection.
72-Hour Auto-Delete
Investigation data is automatically and permanently deleted after 72 hours, minimizing exposure. You can also delete anytime manually.
SOC 2 Type II Certified
Our infrastructure meets the highest standards for security, availability, and confidentiality as verified by independent auditors.
Isolated Data Storage
Each customer's data is logically isolated with strict access controls. No cross-customer data access is possible.
Zero Trust Architecture
Multi-factor authentication required for all accounts. Role-based access controls and principle of least privilege enforced throughout.
Regular Security Audits
Quarterly penetration testing by third-party security firms. Continuous vulnerability scanning and monitoring.
Data Protection
Encryption Standards
Data at Rest
All stored data uses 256-bit AES encryption (same as banks):
- ✓Uploaded documents encrypted in database
- ✓Investigation results encrypted
- ✓Passwords hashed with bcrypt (never plain text)
- ✓Encryption keys stored in secure vault
Data in Transit
All communications use TLS 1.3 encryption:
- ✓Browser to server: HTTPS only (no HTTP)
- ✓API communications encrypted
- ✓Database connections encrypted
- ✓Perfect Forward Secrecy (PFS) enabled
Automatic Data Deletion
Why 72 hours? We believe in data minimization. The less time sensitive data exists in any system, the lower the risk. Most due diligence decisions happen within 48-72 hours, so we automatically purge all investigation data after this window.
Manual deletion: Need data removed immediately? Use the "Delete" button on any investigation in your dashboard for instant, permanent deletion.
Data Isolation
Every customer's data is logically isolated within our database:
- ✓Row-level security policies enforce data segregation
- ✓No cross-customer queries possible
- ✓Separate encryption keys per customer
- ✓Database-level access controls enforced
Infrastructure Security
Cloud Infrastructure
Deal Shield runs on enterprise-grade cloud infrastructure with industry-leading security:
Hosting: Vercel
SOC 2 Type II certified, DDoS protection, global CDN
Database: Supabase
SOC 2 Type II certified, automatic backups, encryption
Payments: Stripe
PCI DSS Level 1 certified, we never see card data
Monitoring: 24/7
Real-time alerting, automated incident response
Network Security
- ▸Firewalls: Multi-layer firewalls protect against unauthorized access
- ▸DDoS Protection: Automatic detection and mitigation of distributed attacks
- ▸Rate Limiting: API rate limits prevent abuse and ensure availability
- ▸IP Whitelisting: Available for Enterprise customers
Backup & Disaster Recovery
While we automatically delete investigation data after 72 hours, we maintain robust backup systems for account and configuration data:
- ✓Automated daily backups with 30-day retention
- ✓Geo-redundant storage across multiple regions
- ✓Tested disaster recovery procedures (RTO: 4 hours, RPO: 1 hour)
- ✓High availability architecture with 99.9% uptime SLA
Access Control & Authentication
Multi-Factor Authentication (MFA)
MFA is required for all Deal Shield accounts, providing an additional layer of security beyond passwords:
Supported Methods
- • Authenticator apps (recommended)
- • SMS verification codes
- • Email verification codes
- • Hardware security keys
When MFA is Required
- • Login from new device
- • Password changes
- • Account settings updates
- • Every 30 days (session refresh)
Password Security
- ✓Bcrypt Hashing: Passwords hashed using industry-standard bcrypt with salt
- ✓Never Stored in Plain Text: We can never see your actual password
- ✓Strong Password Requirements: Minimum 12 characters, mix of letters, numbers, symbols
- ✓Breach Detection: Passwords checked against known breach databases
Session Management
- ▸Sessions expire after 7 days of inactivity
- ▸Concurrent session limits to prevent account sharing
- ▸Ability to view and revoke active sessions
- ▸Automatic logout on suspicious activity
Compliance & Auditing
Certifications & Standards
SOC 2 Type II
Independently audited and certified for security, availability, confidentiality, and privacy. Reports available to Enterprise customers under NDA.
GDPR Compliant
Full compliance with European data protection regulations. Data processing agreements available. User rights fully supported.
CCPA Compliant
California Consumer Privacy Act compliant. We don't sell personal information. Full transparency on data usage.
ISO 27001 Ready
Infrastructure and processes aligned with ISO 27001 information security standards. Certification in progress.
Security Audits & Testing
Penetration Testing
- ✓Quarterly external pentests by certified firms
- ✓Annual internal security assessments
- ✓Continuous vulnerability scanning
- ✓Bug bounty program for researchers
Code Security
- ✓Static code analysis on every commit
- ✓Dependency vulnerability scanning
- ✓Peer code reviews required
- ✓Security training for all engineers
Audit Logging
Comprehensive audit trails for security monitoring and compliance:
- ▸All user authentication events logged (login, logout, failed attempts)
- ▸Data access and modification tracked with timestamps
- ▸API calls logged with request details
- ▸Logs retained for 90 days (longer for Enterprise)
- ▸Immutable audit logs (tamper-proof)
Incident Response
While we work hard to prevent security incidents, we're prepared to respond quickly and effectively if one occurs:
Our Incident Response Process
Detection & Assessment
24/7 monitoring systems alert our team within minutes. Immediate impact assessment begins.
Containment
Isolate affected systems to prevent spread. Preserve evidence for investigation.
Customer Notification
Affected customers notified within 24 hours with clear details and recommended actions.
Remediation & Recovery
Fix vulnerabilities, restore services, and implement additional safeguards.
Post-Incident Review
Comprehensive analysis to prevent future occurrences. Update security procedures.
Contact for Security Issues
If you discover a security vulnerability or have security concerns:
security@dealshield.com
Our security team monitors this 24/7 and responds within 1 hour.
Bug Bounty Program
Responsible disclosure program for security researchers:
- • Cash rewards for valid vulnerabilities
- • Public acknowledgment (if desired)
- • Safe harbor for good-faith research
Employee Access & Training
Human error is often the weakest link in security. We address this through strict access controls and continuous training:
Access Controls
- ✓Principle of least privilege enforced
- ✓Role-based access control (RBAC)
- ✓Just-in-time access provisioning
- ✓Quarterly access reviews and audits
- ✓Automatic access revocation on departure
Security Training
- ✓Security training during onboarding
- ✓Quarterly security awareness updates
- ✓Phishing simulation testing
- ✓Secure coding practices for engineers
- ✓NDAs and security agreements signed
Customer Data Access: Deal Shield employees have NO access to your investigation data or uploaded documents. Our systems are designed so that customer data is encrypted and inaccessible to our team, even for debugging purposes. Only automated systems process your data.
Have Security Questions?
Our security team is here to help. We're happy to provide additional documentation, answer questions about our security practices, or discuss custom security requirements for Enterprise customers.