Security & Trust

Your data is safe with ProofBeer.

We take security seriously — not as a checkbox, but as a core part of building a platform people can trust. Here is how we protect your data and your customers' data.

GDPR Compliant
CCPA Compliant
TLS Encryption
Data at Rest Encrypted
99.9% Uptime Target
No Data Selling

Security Foundations

Encryption Everywhere

All data transmitted between your browser and ProofBeer is encrypted using TLS 1.2 or higher. Data at rest — including form responses, review content, and user credentials — is encrypted in storage.

Secure Authentication

User passwords are hashed using bcrypt with a high work factor before storage — plain-text passwords are never stored. Session tokens use signed JWTs with short expiry windows to limit exposure.

Cloud Infrastructure

ProofBeer runs on enterprise-grade cloud infrastructure with automated failover, daily backups, and geographically distributed storage. File uploads are stored on Google Cloud Storage with access controls.

Minimal Data Access

Internal access to customer data is limited to authorised personnel on a strict need-to-know basis. No ProofBeer employee accesses customer form responses or review data without explicit customer request or legal requirement.

Continuous Monitoring

Our systems are monitored continuously for anomalous activity, failed authentication attempts, and unusual data access patterns. Security patches are applied promptly when vulnerabilities are identified.

Uptime Commitment

We target 99.9% uptime for all ProofBeer services. Planned maintenance windows are communicated in advance. Historical uptime and incident reports are available to paid plan customers on request.

Compliance

GDPR

ProofBeer processes personal data as a Data Processor on behalf of our business customers (Data Controllers). We maintain a GDPR-compliant Data Processing Agreement and support data subject rights.

Read our DPA

CCPA

California residents have the right to know, delete, and opt out of the sale of their personal data. ProofBeer does not sell personal data. Data deletion requests are processed within 30 days.

Read our Privacy Policy

Cookie Compliance

We use only necessary, analytics, and functional cookies. Our Cookie Policy discloses all cookies and third-party tracking technologies used on the ProofBeer website and platform.

Read our Cookie Policy

Found a Security Issue?

We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue in ProofBeer, please report it to us privately before making it public. We commit to acknowledging your report within 48 hours and working with you to resolve the issue promptly.

Report a Vulnerability

Please do not disclose security issues publicly until we have had a chance to address them.

Security or compliance questions? hello@proofbeer.com · Privacy Policy · Data Processing Agreement