Security at Friday Numbers

We take the security of your team's data seriously. Here's how we protect it.

Infrastructure & Hosting

  • Hosted on Railway (US-based PaaS)
  • All data stored in PostgreSQL with encrypted connections
  • Automatic daily backups
  • HTTPS everywhere — all traffic encrypted with TLS 1.3

Data Isolation

  • Multi-tenant architecture with complete data isolation
  • Every database query is scoped to the organization level
  • No team can access another team's data, ever
  • Super admin access is audited and restricted to platform operations

Authentication & Access

  • Passwords hashed with bcrypt (12 rounds)
  • JWT-based session management with 7-day expiration
  • Google SSO support (OAuth 2.0)
  • Role-based access control: Agent, Coordinator, Owner
  • All authentication events are logged

Payment Security

  • Payments processed by Stripe
  • We never store credit card numbers, CVVs, or bank details
  • Stripe is PCI DSS Level 1 certified (the highest level)
  • All payment pages served directly by Stripe over HTTPS

API Security

  • API key authentication with scoped permissions
  • Rate limiting (100 requests per minute per key)
  • Webhook signatures for payload verification
  • CORS protection on all external endpoints

Data Ownership

  • Your data belongs to you
  • Export your data as CSV at any time
  • Request full data deletion by contacting support
  • We never sell or share your data with third parties

Monitoring & Incident Response

  • Automated error tracking and alerting
  • Audit log of all administrative actions
  • Prompt incident communication if a breach occurs

Contact

If you discover a security vulnerability: [email protected]

General questions: [email protected]