Security at StockWise AI
Your data — and your family's data — is treated with the highest level of care. Here's exactly how we protect it.
Data Encryption
- ✓ All data is encrypted in transit using TLS 1.3
- ✓ Data at rest is encrypted using AES-256
- ✓ Session tokens are signed with HS256 JWT and rotated on each login
- ✓ Passwords are never stored — we use OAuth 2.0 for authentication
Payment Security
- ✓ All payments are processed by Stripe — a PCI DSS Level 1 certified provider
- ✓ StockWise AI never stores card numbers, CVV codes, or expiry dates
- ✓ Stripe uses 3D Secure and fraud detection on every transaction
- ✓ Webhook events are verified with Stripe signature validation
Infrastructure
- ✓ Hosted on enterprise-grade cloud infrastructure with 99.9% uptime SLA
- ✓ Database access is restricted to application servers only — no public exposure
- ✓ Regular automated backups with point-in-time recovery
- ✓ Dependency vulnerabilities are monitored and patched continuously
Privacy & Data Access
- ✓ We never sell your personal data to third parties
- ✓ Your inventory and meal data is private to your account
- ✓ Household members only see data you explicitly share with them
- ✓ You can request full data deletion at any time via your Profile page
Incident Response
- ✓ Security incidents are investigated within 24 hours
- ✓ Affected users are notified promptly in compliance with applicable law
- ✓ We maintain an internal incident log and post-mortem process
- ✓ Critical vulnerabilities are patched and deployed within 48 hours
Compliance
- ✓ GDPR-compliant data handling for EU users
- ✓ CCPA-compliant privacy practices for California residents
- ✓ Cookie usage is limited to essential session cookies and opt-in analytics
- ✓ Our Privacy Policy and Terms of Service are always publicly accessible