Your data. Your customers.
Not ours to sell.

Privacy isn't a feature we bolted on. It's a foundational decision that shaped how we built everything.

End-to-end encryption

Your customers' payment information and personal data are encrypted at every step. We use AES-256 encryption for data at rest and TLS 1.3 for data in transit. We can't read your data, and neither can anyone else.

Regular security audits

We don't just hope we're secure. We verify it. Independent security audits, continuous vulnerability monitoring, and documented security practices. We take this seriously.

No data selling. Ever.

Your mailing list is yours. Your customer behavior is yours. We make money when you succeed, not when we sell access to your audience. This isn't negotiable.

Transparent practices

Our privacy policy is written in plain language. If you want to know what we collect and why, we'll tell you clearly. No legal jargon designed to confuse.

Technical security measures

Data Protection

  • AES-256 encryption at rest
  • TLS 1.3 encryption in transit
  • Encrypted database backups
  • Secure key management
  • Regular key rotation

Infrastructure

  • SOC 2 compliant hosting
  • DDoS protection
  • Web application firewall
  • Rate limiting
  • Automated security patches

Access Control

  • Two-factor authentication
  • Role-based permissions
  • Session management
  • Audit logging
  • API key authentication

Compliance

PCI DSS

Payment card data is handled through Square's and Stripe's Level 1 PCI-certified infrastructure.

GDPR

Full compliance with European data protection regulations, including the right to erasure.

CCPA

Compliant with the California Consumer Privacy Act, with full data disclosure and deletion rights.

Responsible disclosure

We take security vulnerabilities seriously. If you discover a security issue, we want to hear about it.

How to report

Email security concerns to legal@equipoi.se with a detailed description of the vulnerability. Include steps to reproduce if possible.

What to expect

  • Acknowledgment within 24 hours
  • Regular updates on our investigation
  • Credit in our security acknowledgments (if desired)
  • We won't pursue legal action for good-faith reports

Please give us reasonable time to address issues before public disclosure.

Your data belongs to you

Export anytime. Download all your data in standard formats (CSV, JSON) whenever you want. No lock-in, no hostage situations.

Delete on request. Close your account and we'll delete your data. Not archive it, not anonymize it—delete it. Within 30 days, it's gone.

No training on your data. We don't use your customer data to train machine learning models or improve our algorithms. Your business is not our product.

Full transparency. Want to know exactly what data we have about you or your customers? Just ask. We'll provide a complete export.

Questions about security?

We're happy to discuss our practices in detail.
