Security & Privacy

Your data security is our top priority

Enterprise-grade security for businesses of all sizes. Your customer data stays protected, private, and under your control.

256-bit SSL Encryption

GDPR Compliant

99.9% Uptime SLA

Daily Backups

Data Protection & Privacy

End-to-end encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. Your customer information is protected at every step.

GDPR & privacy compliance

We're fully GDPR compliant. Your customers have the right to access, modify, or delete their data at any time. We never sell or share customer data with third parties.

Secure infrastructure

Hosted on enterprise-grade infrastructure (AWS/Supabase) with automatic security updates, DDoS protection, and 24/7 monitoring.

Regular security audits

We conduct quarterly security audits and penetration testing. All critical vulnerabilities are patched within 24 hours.

Incident response

In the unlikely event of a security incident, we'll notify affected customers within 72 hours and provide full transparency on impact and remediation.

Data Ownership & Access

You own your data

All customer data belongs to you. Export it anytime in CSV format. Delete your account and all data is permanently removed within 30 days.

Minimal data collection

We only collect what's necessary to run the service: customer names, contact info, and referral activity. No tracking pixels, no analytics cookies.

No third-party access

Your data stays in our secure database. We don't sell, rent, or share customer information with advertisers or data brokers. Ever.

Compliance & Certifications

GDPR Compliant

Full compliance with EU data protection regulations

ISO 27001

Roadmap 2025 - Information security management

SOC 2 Type II

Roadmap 2025 - Security, availability, confidentiality

PCI DSS

Payment processing via certified partners (Stripe)

Frequently Asked Questions

Where is my data stored?

All data is stored in secure, encrypted databases hosted on AWS infrastructure in the EU (London region). We use Supabase for database management with automatic backups and point-in-time recovery.

Can I export my customer data?

Yes, you can export all your data as CSV files anytime from your dashboard. This includes customer lists, referral history, and rewards data.

What happens if I delete my account?

All your data is permanently deleted within 30 days. We keep backups for 30 days for recovery purposes, then everything is wiped. You can request immediate deletion by contacting support.

Do you have a bug bounty program?

Yes! Report security vulnerabilities to security@pepform.com. We offer rewards for valid findings based on severity. Please practice responsible disclosure.

How do you handle SMS data?

SMS notifications are sent via Twilio, a certified communications provider. We only transmit necessary data (phone number, message content) over encrypted connections. Twilio doesn't store message content.

Have security questions?

Our team is here to help. Get in touch for security audits, compliance documentation, or custom security requirements.
