Security at Proactiq

Your business data is your most valuable asset. We treat it that way.

Encryption

All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. Passwords are hashed with bcrypt (12 rounds) — we never store plain-text credentials.

Infrastructure

Proactiq runs on hardened Linux servers in India. Database access is restricted to internal networks only. Regular automated backups with point-in-time recovery.

Access controls

Role-based access control (OWNER, ADMIN, MANAGER, MEMBER) ensures team members only see what they need. All sensitive actions are logged in the audit trail.

Payment security

We never store card numbers, CVVs, or bank credentials. All payments are processed by Razorpay, which is PCI DSS compliant. We store only payment confirmation references.

Vulnerability disclosure

Found a security issue? Please report it responsibly via our contact page (select Security). We acknowledge reports within 24 hours and aim to resolve critical issues within 7 days.

Account protection

Accounts are locked for 15 minutes after 5 consecutive failed login attempts. Sessions use cryptographically signed JWTs with 30-minute inactivity timeout and warning before expiry. Email verification is required on signup.

Report a security vulnerability

We take security seriously. If you discover a vulnerability, please contact us privately before disclosing publicly.

Report via contact page →