Security at TACTIC

Your venture data is sensitive. We take security seriously and implement industry best practices to protect your information.

Our Security Practices

Data Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • Encrypted database connections
  • Secure key management practices

Infrastructure Security

  • Hosted on Vercel (SOC 2 Type II compliant)
  • Database on Supabase (SOC 2 compliant)
  • Automatic security updates
  • DDoS protection and mitigation

Authentication & Access

  • Secure password hashing (bcrypt)
  • Session-based authentication
  • Role-based access control
  • Secure password reset flows

Data Protection

  • Regular automated backups
  • Point-in-time recovery capability
  • Data isolation between users
  • GDPR-compliant data handling

AI Processing Security

TACTIC uses Anthropic's Claude API for venture assessments. Here's how we protect your data during AI processing:

  • No training on your data: Your venture submissions are not used to train AI models
  • Secure API communication: All API calls use encrypted HTTPS connections
  • Enterprise-grade provider: Anthropic maintains SOC 2 Type II certification
  • Data retention limits: Processed data is not retained by Anthropic beyond the API response

Payment Security

All payments are processed securely through Stripe, a PCI DSS Level 1 certified payment processor:

  • We never store your full credit card number on our servers
  • All payment data is handled directly by Stripe's secure infrastructure
  • Stripe processes billions of dollars annually for millions of businesses
  • 3D Secure authentication for additional fraud protection

Responsible Disclosure

Help us keep TACTIC secure

We appreciate the work of security researchers who help identify vulnerabilities. If you discover a security issue, please report it responsibly:

  • Email us at security@dtactic.com
  • Provide detailed steps to reproduce the vulnerability
  • Allow us reasonable time to address the issue before disclosure
  • Do not access or modify data belonging to other users

We commit to acknowledging reports within 48 hours and providing updates on remediation progress.

Questions About Security?

Our team is happy to answer any questions about our security practices.

Contact Security Team