LEGAL · SECURITY

We take security seriously. Here's proof.

Your pet's records, documents, and personal information deserve the same protection as your financial data. Here's exactly how we protect everything you store with us.

Last updated: May 1, 2026

Encryption

In transit

Every connection between your browser and Seiton Paw is encrypted using TLS 1.3 — the same standard used by banks and major financial institutions. Unencrypted connections are rejected automatically.

At rest

All stored data — account information, pet records, trip details — is encrypted using AES-256-GCM. Documents you upload are stored in encrypted buckets with per-user access keys held in a hardware security module. Even our own engineers cannot read your documents without an explicit support ticket from you.

Access controls

Two-factor authentication

Available on all paid plans. We strongly recommend enabling it. Go to Settings → Security to turn it on.

Internal access

Our team's access to user data is role-based, logged, and audited. No engineer can access your account or documents without an explicit, time-limited authorization tied to a support request. Access logs are reviewed monthly.

Session management

Sessions expire automatically after inactivity. You can view and revoke all active sessions from Settings → Security at any time.

Infrastructure

Seiton Paw runs on Supabase and Vercel — both SOC 2 certified infrastructure providers with independent security audits. Our databases are hosted in the United States and European Union, with data residency determined by your account region. We do not run our own physical servers.

Compliance

SOC 2 Type I

Completed. Our Type II audit is currently in progress and expected to complete in Q4 2026.

GDPR

Fully compliant for EU users. You can export or delete all your data at any time from Settings → Data & Privacy.

LGPD

Compliant for Brazilian users under Brazil's Lei Geral de Proteção de Dados.

Responsible disclosure

Found a security vulnerability? We want to know. Email security@seitonpaw.com with a description of the issue and steps to reproduce it. We respond within 24 hours, pay bounties for valid reports, and will never take legal action against good-faith researchers. Full scope and bounty ranges are in our security.txt file.

Incident response

In the event of a data breach that affects your account, we will notify you by email within 72 hours — faster than required by GDPR. We will tell you what happened, what data was affected, and what we're doing about it. No vague corporate statements.

Seiton Paw