Security

Your data security is our priority

We implement industry-standard security measures to protect your customer data.

Encryption at Rest

All data is encrypted using AES-256 encryption in our Supabase PostgreSQL database.

Encryption in Transit

TLS 1.3 encrypts all data transmitted between your devices and our servers.

Row-Level Security

Database policies ensure users can only access their own data, enforced at the database level.

Secure Infrastructure

Hosted on Cloudflare Pages and Supabase with DDoS protection and global CDN.

Regular Audits

We conduct regular security assessments and vulnerability scans.

Incident Response

3-day breach notification to PDPC as required by Singapore PDPA compliance.

Compliance & Certifications

PDPA Singapore: We comply with the Personal Data Protection Act 2012, including consent requirements, data retention policies, and breach notification procedures.

SOC2 Ready: Our infrastructure and processes are designed to meet SOC2 Type II requirements. Enterprise customers can request our security documentation.

GDPR: While primarily serving Singapore/ASEAN markets, our data handling practices align with GDPR principles for international users.

Report a Vulnerability

We take security seriously. If you discover a vulnerability, please report it responsibly to security@paddly.io. We appreciate your help in keeping Paddly.io safe.