Security
Security at PWAHero
Security is built into how we design and operate the platform. We use practical, industry-standard controls to protect customer data and service integrity.
Security overview
- Encrypted transport is used for data in transit.
- Access to production systems is restricted to essential personnel.
- Authentication and session controls are handled through managed providers.
- We monitor platform health and investigate potential security events.
Encryption
Data transmitted between clients and our services is protected using HTTPS/TLS. For data at rest, we rely on encryption and storage protections provided by our managed infrastructure partners.
Cloud Security
PWAHero is deployed on established cloud and platform infrastructure providers. We leverage managed security controls, network protections, and operational safeguards from these partners as part of our defense-in-depth approach.
Data Protection
We follow least-privilege principles for internal access. Production data access is limited to personnel with operational need.
Authentication is handled via managed identity systems (including OAuth and passwordless login flows). PWAHero does not store plain-text passwords in application code or databases.
Payment Security
When paid plans are offered, payment processing is handled by a third-party checkout provider shown during billing. Card details are collected and processed by that provider, not directly by PWAHero.
Monitoring & Incident Response
We use service monitoring, request validation, and abuse controls (such as rate-limiting) to help detect and reduce risk.
When we identify a potential security issue, we investigate, contain, and remediate based on the severity and scope of the event.
For security questions or responsible disclosure, contact [email protected].