Security

Your Data Is Our
Responsibility

StatStack is built on trusted infrastructure with encryption, automated backups, and strict access controls. Here's exactly how we keep your organization's data safe.

Encrypted at Rest
TLS Everywhere
14
Day Backup Retention
AWS Infrastructure
Infrastructure

Built on AWS

StatStack runs on Amazon Web Services, the same cloud infrastructure trusted by Netflix, NASA, and the world's largest enterprises.

Your data is stored in AWS's US-East region with managed PostgreSQL databases, automated daily backups, and infrastructure that meets the most rigorous compliance standards including SOC 2, ISO 27001, and SOC 3.

  • Managed PostgreSQL with automated daily backups
  • 14-day backup retention with point-in-time recovery
  • AES-256 encryption at rest for all stored data
  • TLS/HTTPS encryption for all data in transit
  • AWS SOC 2, ISO 27001, and SOC 3 certified infrastructure
Practices

How We Protect Your Data

Security isn't an afterthought. It's built into every layer of the platform.

Payments via Stripe

All billing is handled by Stripe, a PCI Level 1 certified payment processor. We never store, process, or have access to your credit card details.

Tenant Isolation

Every organization's data is logically isolated. Your creators, stats, contracts, and content are only accessible to your authorized staff members.

Role-Based Access

Granular staff permissions let you control who can view salary data, approve roster changes, manage billing, and access sensitive information.

Secure Authentication

Passwords are hashed using industry-standard algorithms. Session management ensures your account stays protected across devices.

Automated Backups

Your database is backed up daily with 14-day retention. In the event of any issue, we can restore your data quickly and completely.

Encryption Everywhere

All connections are secured with TLS/HTTPS. Your database is encrypted at rest with AES-256. Data is protected whether it's moving or stored.

Your Data

You Own Your Data

Your organization's data belongs to you. We don't sell, share, or monetize your information. If you ever decide to leave, we'll help you export everything.

  • We never sell your data to third parties
  • Full data export available on request
  • Data deleted upon account cancellation

Our Commitment

We treat your organization's data with the same care we'd want for our own. Transparent practices, no hidden data usage, and direct access to our team if you ever have concerns.

Questions?

Have a Security Concern?

If you have questions about our security practices or need to report a vulnerability, reach out directly.

security@statstackhq.com