← Back to ProfitWire

Security at ProfitWire

Effective Date: July 9, 2026

ProfitWire is trusted with sensitive business data — sales history, cost basis, marketplace credentials, and financial reports. This page describes the technical and organizational controls we operate to keep that data safe. It is maintained by ProfitWire LLC and is not a third-party certification.

1. Encryption

  • All traffic to and from ProfitWire is served over HTTPS with TLS 1.2 or higher.
  • Data at rest — including your database records, uploaded images, and backups — is encrypted with AES-256 by our managed infrastructure providers.
  • Marketplace OAuth access and refresh tokens are encrypted at rest with a dedicated key and are never returned to the browser.
  • Passwords are stored only as salted hashes; we never see or store your plaintext password.

2. Authentication and Access Control

  • Email + password sign-in with hardened session cookies and rate-limited login attempts.
  • Password reset flows use signed, single-use, time-limited links.
  • Row-Level Security (RLS) policies are enforced on every user-owned table so one account cannot read another account's data.
  • Role-based access control separates end-user roles from administrative roles; roles are stored in a dedicated, server-side table and never trusted from the client.
  • Employees and contractors access production only through least-privilege, audited pathways, and only when required for support or operations.

3. Infrastructure

  • Application code runs on Cloudflare's global edge network.
  • Database, authentication, storage, and background jobs are hosted on Supabase (managed Postgres) in the United States.
  • Subscription billing is handled by Stripe; we do not store card numbers or CVCs.
  • Marketplace sync uses the official eBay APIs with the scopes you authorize.
  • All third-party sub-processors are listed in our Privacy Policy and are bound by data processing agreements.

4. Backups and Recovery

  • Automated Point-in-Time Recovery (PITR) backups of the primary database.
  • Daily encrypted snapshots retained on a rolling schedule.
  • Restore procedures are documented and periodically tested.
  • Backups are encrypted at rest and stored separately from production data.

5. Monitoring and Logging

  • Application, request, and error logs are centrally collected and retained for operational review.
  • Anomalous authentication activity and rate-limit violations are alerted on.
  • Dependencies are continuously scanned for known vulnerabilities and patched on a defined SLA based on severity.

6. Secure Development

  • All code changes go through peer review and automated tests before deployment.
  • Secrets are stored in a dedicated secret manager, never in source control.
  • Environments are separated (development, preview, production) with distinct credentials and data.
  • Third-party libraries are pinned and updated on a defined cadence.

7. Incident Response

We maintain a written incident response process covering detection, containment, eradication, recovery, and post-incident review. If we become aware of a security incident that affects your personal data, we will notify affected customers and, where required, the appropriate supervisory authorities within the timeframes required by applicable law (for example, 72 hours under the GDPR).

8. Responsible Disclosure

We welcome reports from security researchers. If you believe you have discovered a vulnerability in the Services, please email support@getprofitwire.com with the subject line SECURITY and include:

  • A clear description of the issue and its impact
  • Steps to reproduce (proof-of-concept code, URLs, screenshots)
  • Any relevant account IDs or timestamps

Please do not access, modify, or exfiltrate data belonging to other users, do not run denial-of-service or automated scanning against production, and give us a reasonable window to investigate and remediate before public disclosure. We will not pursue legal action against researchers who act in good faith and follow this policy.

9. Your Role

You can help keep your account safe by using a unique, strong password, keeping your recovery email secure, disconnecting marketplace integrations you no longer use, and reporting any suspicious activity to us immediately.

10. Contact

Security questions and reports: support@getprofitwire.com.