Security & Trust
Your security and privacy are our top priorities. Here's how we protect your data and earn your trust.
256-bit SSL Encryption
All data transmitted between you and our servers is encrypted
PCI-DSS Compliant
Payments processed by Stripe, a certified PCI Level 1 provider
GDPR Compliant
Full compliance with EU data protection regulations
Payment Security
We never see your credit card details
All payment processing is handled exclusively by Stripe, a global leader in online payment security. Your credit card number never touches our servers—it goes directly to Stripe's PCI-DSS Level 1 certified infrastructure.
- PCI-DSS Level 1: The highest level of payment card industry security certification
- 3D Secure: Additional authentication for supported cards
- Fraud Detection: Machine learning-powered fraud prevention
- Tokenization: Your card details are never stored as plain text anywhere
Data Protection
Your Pattern Files
- Encrypted at rest: Your uploaded patterns are encrypted using AES-256 encryption
- Encrypted in transit: All file transfers use TLS 1.3 encryption
- Private by default: Your patterns are only accessible to you (and your team, if applicable)
- You own your data: We never claim ownership of your patterns or use them for training AI
- Easy deletion: Delete your account and all associated data at any time
Your Personal Information
- Minimal collection: We only collect what's necessary to provide the service
- No selling: We never sell your personal information to third parties
- Secure authentication: Powered by Supabase with industry-standard auth protocols
- Data portability: Export your data in standard formats at any time
- Transparent practices: Read our full Privacy Policy
Infrastructure Security
Our application is built on enterprise-grade infrastructure from trusted providers:
Hosting & Database
- Vercel Edge Network with global CDN
- Supabase managed PostgreSQL database
- Automatic backups and disaster recovery
- 99.9% uptime SLA
Security Practices
- Regular security audits
- Dependency vulnerability scanning
- Error monitoring with Sentry
- DDoS protection
Your Rights
Under GDPR, CCPA, and other privacy regulations, you have the right to:
- Request a copy of all your data
- Correct inaccurate information
- Delete your account and data
- Export data in standard formats
- Opt out of certain processing
- Change your preferences anytime
Transparency
We believe in being open about how we operate:
- Privacy Policy – How we collect, use, and protect your data
- Terms of Service – Your agreement with us when using Bombajom
- Cookie Policy – What cookies we use and why
Questions or Concerns?
We take security seriously. If you have questions about our security practices or want to report a security concern, please reach out:
- Security Issues: security@bombajom.com
- Privacy Questions: privacy@bombajom.com
- Data Protection Officer: dpo@bombajom.com
- General Support: support@bombajom.com