§ Sheet 08 / 06 · Security
DATA THAT STAYS YOURS.
Tenant-isolated Postgres. Per-row RLS. Stripe is the PCI-DSS Level 1 processor. We hold zero card data.
Security review
Controls summary, DPA, and sub-processor list available on request.
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. Per-row tenant isolation.
Postgres RLS
Row-level security enforces tenant boundaries at the database.
No card data
Stripe handles every charge. We never see a PAN.
SSO + audit log
Okta · Azure AD · Google Workspace on Crew. Every action logged.
GDPR + CCPA
Data export and deletion within 30 days. EU sub-processors documented.
§ Reach the security team
REPORT A VULN.
We pay bug bounties. Email security@estimate.pro with reproduction steps.
PGP key on request · 24h response · safe-harbor for good-faith research
§ Equip the crew
Compliance docs?
DPA, sub-processor list, controls summary, and network diagram — available under MNDA.