Security at PlanPacer
PlanPacer takes the security of our platform and our users' data seriously. We are committed to protecting merchant and customer information and welcome responsible disclosure of any vulnerabilities.
Reporting a vulnerability
If you believe you have found a security vulnerability in PlanPacer, please report it to us at security@planpacer.com.
When submitting a report, please include:
- A clear description of the vulnerability and its potential impact.
- Detailed steps to reproduce the issue, including any URLs, request payloads, or screenshots.
- An assessment of the severity and potential impact on users or data.
What to expect
- We will acknowledge your report within 48 hours.
- We aim to investigate and resolve confirmed vulnerabilities within 90 days.
- We will keep you informed of our progress throughout the process.
We follow a responsible disclosure policy. We ask that you give us reasonable time to address the issue before making any information public, and that you do not access or modify other users' data during your research.
Security practices
PlanPacer employs a range of measures to protect our platform and your data:
- TLS encryption — All data is encrypted in transit. Every connection to PlanPacer uses HTTPS.
- Secure authentication — Session cookies use the HttpOnly and Secure flags to protect them from interception and from theft through cross-site scripting.
- Two-factor authentication — Merchants can enable 2FA for an additional layer of account protection.
- Rate limiting — API endpoints are rate-limited to protect against brute-force and denial-of-service attacks.
- Audit logging — Key actions are logged for accountability and incident investigation.
- Stripe for payments — PlanPacer never stores card details. All payment data is handled by Stripe's PCI-compliant infrastructure.