Security

Your data is safe with us.

GetTimePad is built with security at every layer — from encrypted data to role-based access to third-party provider standards.

All data is encrypted in transit via TLS 1.2+ and at rest using AES-256 encryption. Database connections are secured with SSL certificates.

Three distinct roles — Owner, Admin, and Tech — ensure every team member sees only what they need. Techs only access their own jobs via Tech Mode.

Every action is logged with actor tracking (user, system, AI, API). View who changed what and when in a full, filterable activity log.

All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. GetTimePad never stores credit card numbers.

Customer communications are routed through industry-leading providers with their own security certifications and compliance.

Files, photos, and documents are stored on S3-compatible cloud storage with access-controlled buckets and no public exposure.

Infrastructure is monitored 24/7 with automated alerts. API and web services are hosted on managed platforms with built-in redundancy.

JWT-based authentication with refresh token rotation, bcrypt password hashing, and optional OTP verification for customer-facing flows.

Have a security concern?

If you have questions about our security practices or need to report a vulnerability, please contact our security team.