Security is foundational to everything we build. Here is how we protect your data.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption. API keys are hashed and never stored in plaintext.
PreShip runs on Railway with Cloudflare in front for DDoS protection and edge caching. All infrastructure is hosted in SOC 2 Type II certified data centers.
We support OAuth 2.0 via GitHub and Google and secure session management with automatic rotation, and we enforce rate limiting on all authentication endpoints.
Internal access follows the principle of least privilege. All production access requires multi-factor authentication and is logged for audit purposes.
Customer scan data is logically isolated. Scan results are tied to your account and are never shared with other customers or used for training purposes.
We run automated dependency scanning on every commit. Known vulnerabilities are patched within 24 hours for critical issues and within 7 days for non-critical issues.
We take security vulnerabilities seriously. If you have discovered a security issue in PreShip, we appreciate your help in disclosing it to us responsibly.
Please report security vulnerabilities by emailing us at security@preship.dev. Include a detailed description of the vulnerability, steps to reproduce, and any relevant proof of concept.
We will acknowledge your report within 24 hours and aim to provide a fix or mitigation within 72 hours for critical issues. We do not currently offer a bug bounty program, but we will publicly credit researchers who report valid vulnerabilities (with their permission).
If you have questions about our security practices, please contact us at security@preship.dev.