Security
Effective June 4, 2026 · Version 1.0
Security is a product feature for us. Here's how we protect your account and your data.
Encryption
- All traffic to DetailChimps.com is served over TLS 1.2+ with modern cipher suites and HSTS.
- Personal data at rest is encrypted with AES-256 by our database and storage providers.
- Payment card details never touch our servers — Stripe tokenization is used for all charges.
Access control
- Row-level security (RLS) is enabled on every customer-facing table; policies are tested in CI.
- Admin operations require a separate role and are logged to an immutable audit trail.
- Optional two-factor authentication (TOTP) is available to all users at Account → Security. Admin access requires 2FA.
- OAuth clients (MCP and partner integrations) use PKCE and short-lived tokens with refresh.
Operational practices
- Least-privilege service accounts; secrets stored in a managed vault and rotated periodically.
- Dependency scanning on every build; high-severity findings block release.
- Continuous backups with point-in-time restore.
- Vendor due diligence — see our Subprocessors list.
Responsible disclosure
If you discover a vulnerability, please email security@DetailChimps.com and give us a reasonable window to remediate before public disclosure. We do not currently offer a paid bug bounty, but we will publicly credit researchers who follow this policy.
Status & incidents
We will post material incidents and remediation timelines on this page and notify affected users within the windows required by law (including 72-hour GDPR breach notifications where applicable).

