Security

Security and privacy are at the core of everything we do at AddonPulse. Here's how we protect your data and maintain a secure analytics platform.

Visitor Privacy Protection

Your website visitors' privacy is paramount. Here's how we protect it:

  • No cookies or local storage used for tracking
  • IP addresses are hashed and anonymized
  • User-Agent strings are hashed daily with rotating salts
  • Raw visitor data is never stored

Infrastructure Security

Hosting

AddonPulse is hosted on Vercel servers and Railway. Both providers have robust security measures in place, including:

  • Physical security at data centers
  • DDoS protection
  • Redundant infrastructure
  • 24/7 monitoring
  • Daily backups

Network Security

Our database servers are not accessible on the open internet. They are protected behind private networks with strict firewall rules, ensuring that only authorized application servers can access them. This significantly reduces the attack surface and protects your data from external threats.

User Authentication & Account Security

We take account security seriously:

  • Passwords are hashed and salted
  • Each password gets a unique salt - no rainbow table attacks possible
  • We never store passwords in plain text
  • Sessions expire after 14 days of inactivity
  • Secure password reset flows
  • Account activity monitoring

Data Ownership & Control

You have complete control over your data:

  • You own 100% of your website/extension analytics data
  • You can delete your account and all associated data at any time
  • You can delete individual sites and their data

Data Deletion

After cancellation or downgrade to free trial, your analytics data will be permanently deleted within 60 days. We recommend exporting your data before cancellation if you wish to retain it. Once deleted, data cannot be recovered.

Payment Security

We never store your payment details. All payment processing is handled by PCI DSS compliant payment processors (Stripe). Your credit card information goes directly to the payment processor and never touches our servers.

Continuous Monitoring & Updates

We maintain a secure platform through:

  • Continuous infrastructure monitoring
  • Regular security updates and patches
  • Comprehensive automated testing
  • Public changelog of all updates
  • Dependency vulnerability scanning

Compliance

AddonPulse is designed to help you comply with privacy regulations:

  • GDPR compliant (no personal data collection)
  • CCPA compliant
  • PECR compliant (no cookie consent needed)
  • Can be used without cookie banners in most jurisdictions

Vulnerability Disclosure

If you discover a security vulnerability in AddonPulse, please report it responsibly:

  • Email us at support@addonpulse.com
  • Provide detailed information about the vulnerability
  • Allow us reasonable time to address the issue before public disclosure
  • We will acknowledge your contribution publicly (unless you prefer to remain anonymous)

Questions?

If you have any questions about our security practices, please contact us at support@addonpulse.com.