Security at Made4Founders
Your data security is our top priority. We employ industry-leading security measures to protect your business information.
Security Features
We've built Made4Founders from the ground up with security in mind. Here's how we protect your data.
AES-256-GCM Encryption
All sensitive data is encrypted at rest using military-grade AES-256-GCM encryption. Your credentials and business identifiers are protected with state-of-the-art cryptographic standards.
Argon2id Key Derivation
Vault master passwords are processed using Argon2id, the winner of the Password Hashing Competition. This makes brute-force attacks computationally infeasible.
JWT Authentication
We use HS512 signed JSON Web Tokens with short expiration times (15 minutes). Refresh tokens are rotated regularly to prevent session hijacking.
TLS 1.3 Transport Security
All data in transit is protected using TLS 1.3 encryption. We enforce HTTPS across our entire platform with HSTS headers.
Security Headers
We implement comprehensive security headers including Content Security Policy (CSP), X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.
Rate Limiting
Authentication endpoints are protected with strict rate limiting (5 requests/minute) to prevent brute-force attacks. General API endpoints have reasonable limits to ensure service availability.
Our Security Practices
Beyond technical measures, we follow rigorous security practices to ensure your data stays safe.
Regular Security Audits
We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities.
Secure Development
Our development team follows secure coding practices and conducts code reviews for all changes.
Dependency Monitoring
We continuously monitor our dependencies for known vulnerabilities and apply patches promptly.
Incident Response
We have a documented incident response plan to quickly address and communicate any security incidents.
Access Logging
All sensitive operations are logged for audit purposes, helping us detect and investigate suspicious activity.
Data Backup
Your data is regularly backed up with encrypted backups stored in secure, geographically distributed locations.
Compliance & Standards
We design our systems with compliance in mind. While we are a growing startup, we strive to meet or exceed industry standards for data protection:
- OWASP Top 10 security guidelines
- GDPR data protection principles
- SOC 2 Type II controls (in progress)
- PCI DSS guidelines for payment data
- CCPA compliance for California residents
- Regular third-party security assessments
Responsible Disclosure
We value the security research community. If you discover a security vulnerability, please report it responsibly:
- • Email us at security@made4founders.com
- • Include detailed steps to reproduce the vulnerability
- • Allow us reasonable time to address the issue before public disclosure
- • Do not access or modify other users' data
We commit to acknowledging your report within 48 hours and keeping you informed of our progress.
Security Questions?
Have questions about our security practices? We're happy to discuss.
security@made4founders.com