LEGAL

Security

Last updated 10 June 2026 · Pitchsafe Ltd

We take security seriously and implement reasonable, industry-standard measures. No method of transmission or storage is completely secure, and the Service is provided without warranty as to security, as set out in our Terms of Service.

Infrastructure

The Service is hosted on reputable cloud infrastructure (Laravel Forge / DigitalOcean) in managed data centres. Data is stored in managed PostgreSQL and Redis instances with restricted network access.

Encryption

Traffic between you and the Service is encrypted in transit using TLS. Credentials are hashed; sensitive secrets are stored in environment configuration, not in source control.

Access control

Administrative access is role-based and limited to authorised personnel on a need-to-know basis. Application access requires authentication, and admin tooling is gated behind elevated roles.

Monitoring

We use error- and performance-monitoring (Sentry) and queue/job observability (Horizon) to detect and respond to issues. Document-access events in the regulatory library are recorded in an activity log.

Sub-processors

We engage vetted sub-processors under data-protection terms — see our Privacy Policy and Data Processing Addendum.

Reporting a vulnerability

If you believe you have found a security issue, please email hello@pitchsafe.app with details. Please do not publicly disclose until we have had a reasonable opportunity to investigate and remediate. We appreciate responsible disclosure.