Security
How we protect your data.
PayCanary handles sensitive financial risk data. We take that responsibility seriously. Here's exactly how we protect it.
Encryption in transit
All data transmitted between your browser and PayCanary is encrypted using TLS 1.3. API calls, form submissions, and crisis intake conversations are all encrypted end-to-end.
Minimal data collection
The free Stripe health check doesn't require an account. We only collect the four metrics you enter. No Stripe API keys, no account credentials, no payment information until you choose to subscribe.
No Stripe account access
PayCanary does not connect to your Stripe account. You enter metrics manually. When automated monitoring launches via Stripe Connect, it will use read-only OAuth scopes with your explicit consent.
Data retention
Free health check data is stored only for the duration of your session unless you provide your email. Subscriber data is retained for the duration of your subscription plus 30 days.
Infrastructure
PayCanary runs on Vercel (edge network) with Supabase (PostgreSQL) for data storage. Both providers maintain SOC 2 Type II compliance and undergo regular third-party security audits.
Incident response
In the event of a security incident, we will notify affected users within 72 hours via email with details of the incident, data affected, and remediation steps taken.
Have a security concern or want to report a vulnerability?
security@paycanary.io