Security at TrendyReports

TrendyReports runs on managed cloud infrastructure provided by Vercel, Render, and Cloudflare — vendors that handle HTTPS at the edge, encrypted storage at rest, and TLS for database connections by default.

What we have today

Passwords are hashed with bcrypt before storage
PostgreSQL row-level security separates tenant data
Sessions use HTTP-only secure cookies
Stripe webhooks are signature-verified
Rate limiting on authentication endpoints
Role-based access controls for platform admins, title company admins, affiliates, and agents
Encrypted storage at rest (PostgreSQL on Render, file storage on Cloudflare R2)
HTTPS/TLS in transit

Providers we use

We rely on reputable managed providers for infrastructure and operations: Vercel (web hosting), Render (API and database hosting), Cloudflare R2 (file storage), Stripe (payments), SendGrid (transactional email), and Twilio (SMS notifications).

What we don't claim

We're explicit about what we don't offer today:

We are not SOC 2 certified
We don't offer multi-factor authentication
We don't support SSO (Google, Microsoft, SAML)
We have not undergone external penetration testing

We continue to invest in our security program as the product matures.

Account and data deletion

To delete your account and associated data, contact us at support@trendyreports.io. We'll process your request as quickly as possible.

Questions

Contact us for security questions, vulnerability reports, or compliance documentation.

support@trendyreports.io