Security & Privacy

Your trust is our foundation. Learn how we protect your data, transactions, and privacy with enterprise-grade security.

Our Security Commitment

End-to-End Encryption

All sensitive data is encrypted in transit and at rest

Privacy by Default

Your gratitude network is private unless you choose to share

Secure Infrastructure

Enterprise-grade hosting with SOC 2 compliance

How We Protect Your Data

Authentication & Access

  • Magic link authentication eliminates password vulnerabilities
  • Secure session management with automatic expiration
  • Email verification required for all accounts

Data Encryption

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Database encryption with regular key rotation

Infrastructure Security

  • Hosted on enterprise-grade cloud infrastructure (Vercel, Neon)
  • Regular security audits and penetration testing
  • DDoS protection and rate limiting

Your Privacy Controls

What's Private by Default

  • Your gratitude network and connections
  • Transaction amounts and notes
  • Your account balance and financial data
  • Email address and contact information

What You Control

  • Public vs. private profile visibility
  • Gratitude graph sharing preferences
  • Transaction receipt sharing
  • Data export and deletion rights

Payment Security

Powered by Stripe

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor trusted by millions of businesses worldwide.

Payment Protection

  • TYSM never stores your payment information
  • PCI DSS compliant payment processing
  • Fraud detection and prevention

Transaction Security

  • Cryptographically signed transaction receipts
  • Immutable transaction history
  • Real-time transaction monitoring

Compliance & Standards

SOC 2 Type II

Audited security controls and procedures

GDPR Compliant

European data protection standards

CCPA Compliant

California privacy rights protection

Our Security Practices

Incident Response

We have a 24/7 security monitoring system and incident response team ready to address any potential security issues.

In the unlikely event of a security incident, we commit to transparent communication and will notify affected users within 72 hours.

Regular Security Audits

We conduct quarterly security audits with third-party security firms to identify and address potential vulnerabilities.

Our codebase undergoes automated security scanning with every deployment.

Employee Security Training

All TYSM team members undergo regular security training and follow strict access control policies.

We implement the principle of least privilege and require multi-factor authentication for all internal systems.

Security Resources & Contact

Report a Security Issue

If you discover a security vulnerability, please report it to our security team immediately.

security@tysm.to

We take all security reports seriously and will respond within 24 hours.

This security page was last updated on August 17, 2025.
