Security at Partr
Your images and data are protected by enterprise-grade security measures. We take security seriously so you can focus on your work with peace of mind.
Encryption
All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.
- ✓HTTPS-only communication
- ✓Encrypted database storage via Supabase
- ✓Encrypted cloud storage via Cloudflare R2
Secure Storage
Your images are stored on enterprise-grade infrastructure with automatic backups.
- ✓Cloudflare R2 for image storage
- ✓Supabase PostgreSQL for user data
- ✓Automatic daily backups
- ✓Geo-redundant storage
Authentication & Access Control
Industry-standard authentication with row-level security policies.
- ✓Secure password hashing with bcrypt
- ✓Row-Level Security (RLS) policies
- ✓API key management for Pro users
- ✓Session management and token expiration
Privacy & Data Retention
We only keep your data for as long as necessary based on your plan.
- ✓Free: 30-day retention
- ✓Creator: 90-day retention
- ✓Pro: 365-day retention
- ✓Automatic permanent deletion after retention period
Compliance & Monitoring
Continuous monitoring and regular security audits to protect your data.
- ✓Regular security audits
- ✓Activity logging and monitoring
- ✓DDoS protection via Cloudflare
- ✓Automated threat detection
Infrastructure Security
Built on trusted, enterprise-grade cloud infrastructure providers.
- ✓Cloudflare R2 with global CDN
- ✓Supabase with SOC 2 Type II compliance
- ✓Stripe for PCI-compliant payment processing
- ✓ISO 27001 certified partners
How We Protect Your Images
1. Upload Security
When you upload images, they are transmitted over encrypted HTTPS connections using TLS 1.3, the latest security protocol. Files are validated and scanned before processing.
2. Processing Security
Images are processed in isolated environments with no cross-user access. Our AI enhancement and Hero-Sync algorithms run in secure serverless functions with automatic scaling and isolation.
3. Storage Security
Processed images are stored in Cloudflare R2 with encryption at rest (AES-256). Access is controlled through signed URLs with expiration times, ensuring only you can access your images.
4. Automatic Deletion
Based on your subscription plan, images are automatically and permanently deleted after the retention period. We use secure deletion methods that make recovery impossible.
Payment Security
Stripe Integration
All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. We never store your credit card information on our servers.
Secure Transactions
Every payment is encrypted end-to-end. Stripe uses machine learning to detect and prevent fraudulent transactions in real-time.
Incident Response
While we implement robust security measures, we also maintain a comprehensive incident response plan:
Detection
24/7 monitoring and automated alerts for suspicious activity
Response
Immediate action to contain and resolve security incidents
Communication
Transparent notification to affected users within 72 hours
Prevention
Post-incident analysis and security improvements
Responsible Disclosure
We value the security research community and welcome responsible disclosure of potential vulnerabilities. If you discover a security issue, please:
- •Email us at security@partr.ai with details of the vulnerability
- •Provide reasonable time for us to address the issue before public disclosure
- •Avoid accessing or modifying user data without permission
We commit to acknowledging your report within 48 hours and providing regular updates on our progress. Researchers who follow responsible disclosure practices will be credited (with permission) in our security acknowledgments.