Tracklytix
Features
How It Works
Pricing
Use Cases
ContactLog InGet Started

Security at Tracklytix

Your financial data deserves the highest level of protection. Here's how we keep it safe.

Encryption in Transit

All data transmitted between your browser and our servers is protected with TLS 1.2+ encryption. Every API call, page load, and webhook is encrypted end-to-end.

Encryption at Rest

Your data is stored in PostgreSQL databases with AES-256 encryption at rest. Backups are encrypted using the same standards, ensuring data remains protected even in storage.

Access Controls

Role-based access controls, token-based authentication, and API authorization headers ensure only authorized users access your data. Row-level security policies enforce data isolation.

Rate Limiting & DDoS Protection

All API endpoints are rate-limited via Upstash Redis to prevent abuse. Cloudflare provides edge-level DDoS protection and bot detection via Turnstile CAPTCHA.

Incident Response

We maintain a documented incident response process. Security breaches are investigated immediately, with affected users notified within 72 hours per GDPR requirements.

Regular Audits & Compliance

Continuous dependency scanning, regular security reviews, and strict Content Security Policy headers. SOC 2 Type II certification is in progress.

Infrastructure

Built on trusted providers

We partner with industry-leading infrastructure providers that maintain the highest security and compliance standards.

Supabase

PostgreSQL database with row-level security, encrypted backups, and SOC 2 Type II certified infrastructure.

  • PostgreSQL with RLS policies
  • Encrypted at rest (AES-256)
  • Secure token-based auth

Vercel

Edge-first hosting platform with global CDN, automatic SSL, and enterprise-grade DDoS protection.

  • Global edge network
  • Automatic TLS certificates
  • DDoS mitigation at edge

Upstash

Serverless Redis for rate limiting and caching with encrypted connections and automatic data expiration.

  • Encrypted in transit (TLS)
  • Automatic data expiration
  • SOC 2 compliant

Responsible Disclosure

Found a vulnerability?

We take security vulnerabilities seriously. If you've discovered a potential security issue, we encourage you to report it responsibly.

Guidelines

  • Do not access or modify other users' data without explicit permission
  • Do not perform actions that could impact Platform availability (DoS, resource exhaustion)
  • Provide sufficient detail for us to understand and reproduce the issue
  • Allow reasonable time for us to investigate and remediate before any public disclosure
  • Do not exploit the vulnerability beyond what is necessary to demonstrate the issue

How to Report

Email your findings to security@tracklytix.dev. Please include:

  • Description of the vulnerability and potential impact
  • Steps to reproduce
  • Any relevant screenshots or proof-of-concept code
  • Your contact information for follow-up

We aim to acknowledge receipt within 48 hours and provide a status update within 5 business days. We will not take legal action against researchers who follow these guidelines.

Stay in the loop

Get product updates and tips delivered to your inbox.

Tracklytix

The lead-to-profit platform for service businesses. Capture leads, send quotes, track invoices, and see your profit — all in one place.

Product

  • Features
  • Pricing
  • Demo
  • For Business
  • How It Works
  • Use Cases

Resources

  • Documentation
  • API Reference
  • Guides
  • Changelog
  • Status

Company

  • About
  • Blog
  • Security
  • Careers
  • Contact

Legal

  • Privacy Policy
  • Terms of Service
  • Cookie Policy
256-bit SSL Encrypted
SOC 2 In Progress
GDPR Compliant

© 2026 Tracklytix. All rights reserved.