Security
Your data security is our top priority. Learn how we protect your information and what we're doing to keep PixellPeep secure.
Our Security Commitment
At PixellPeep, we take security seriously. We employ industry-leading security practices to protect your data, maintain system integrity, and ensure the confidentiality of your visual testing workflows.
Our security measures are continuously reviewed and updated to address emerging threats. We run automated security scanning and regular internal reviews to validate our controls.
Security Features
Data Encryption
- TLS/SSL encryption for all data in transit
- BCrypt password hashing with salt
- Encrypted database connections
- HTTPS-only communication
Authentication & Access
- JWT-based stateless authentication
- Sign in with Google (OAuth 2.0)
- Multi-factor authentication (planned for enterprise)
- API key management for programmatic access
- Role-based access control (admin roles; team RBAC planned)
Infrastructure Security
- Regular security patches and updates
- Firewalls and network segmentation
- DDoS protection and rate limiting
- Automated backups with encryption
- Secure CI/CD pipelines
Monitoring & Logging
- Application and infrastructure logging
- Admin audit trail for sensitive changes
- Rate limiting and abuse protection
Compliance & Standards
Data Protection
Encryption, retention policies, and self-service account deletion
Access Controls
Principle of least privilege and need-to-know basis
Incident Response
Defined breach notification process
Data Retention
Clear policies with user-controlled deletion
How We Protect Your Data
Image Data Security
Images you upload are encrypted in transit and at rest. They're processed in isolated environments and automatically deleted according to your plan's retention policy. You have full control over when to delete your data.
Database Security
Our databases use encrypted connections, are hosted in secure data centers, and are backed up regularly. Access is restricted to authorized personnel only, and all access is logged for audit purposes.
Application Security
We employ secure coding practices, conduct regular code reviews, and use automated security scanning tools. All dependencies are kept up-to-date with the latest security patches.
Security Layers
Security Best Practices for Users
Use Strong Passwords
Use 8–21 characters with uppercase, lowercase, a number, and a special character (@$!%*?&).
Enable Two-Factor Authentication
Add an extra layer of security to your account with 2FA when available.
Keep Software Updated
Always use the latest version of your browser and keep your operating system updated.
Be Cautious with API Keys
Never share API keys publicly or commit them to version control. Rotate keys regularly.
Review Account Activity
Regularly check your account activity logs for any suspicious behavior.
Use Secure Networks
Avoid accessing sensitive data over public Wi-Fi without a VPN.
Responsible Vulnerability Disclosure
Help us keep PixellPeep secure
Report a Security Vulnerability
If you've discovered a security vulnerability in PixellPeep, we appreciate your help in disclosing it to us responsibly. Please do not publicly disclose the issue until we've had a chance to address it.
How to Report
Email us at: security@pixellpeep.com
Include detailed steps to reproduce the vulnerability, potential impact, and any proof-of-concept code.
Our Commitment
- ✓ Acknowledge receipt within 24 hours
- ✓ Provide regular updates on progress
- ✓ Credit you in our security hall of fame (if desired)
- ✓ Work with you to understand and resolve the issue
Out of Scope
Please do not perform testing that could harm our users, degrade our services, or access data that doesn't belong to you. Social engineering, denial of service, and physical testing are out of scope.
Security Resources
Have Security Questions?
Our security team is here to help. Contact us for security inquiries or to report vulnerabilities.