Security First Design

We take your security and privacy seriously. GhostAudit is designed from the ground up to be secure and non-intrusive.

Read-Only Access

GhostAudit requests only read-only permissions on your Stripe account, through a Restricted Key. We cannot initiate refunds, transfers, or change any settings. You maintain full control.

No Sensitive Data Storage

We do not store your customers' PII (Personally Identifiable Information) or transaction details. Our analysis engine processes data in-memory and discards it immediately after generating the report.

API Key Safety

Your Stripe API keys are never logged or stored on disk. They are kept in memory only for the duration of the scan session and are encrypted in transit.

Privacy by Default

We do not track your customers or sell your data to third parties. Our business model is simple: we sell a tool to help you secure your revenue, not your data.

Security FAQ

How is my data encrypted?

All sensitive data is encrypted at rest using AES-256 and in transit using TLS 1.3. We use industry-standard key management systems to ensure your data remains secure.

Do you store my Stripe keys?

No. We never store your restricted keys in plain text. They are encrypted immediately upon receipt and are only decrypted in volatile memory during active scanning sessions.

Who has access to my transaction data?

Access is strictly limited to automated analysis systems. Our engineering team does not have access to your customer PII or transaction details unless explicitly authorized for support debugging.

How do you handle vulnerability disclosure?

We maintain a public bug bounty program and have a dedicated security team that responds to reports within 24 hours. We follow responsible disclosure guidelines.

Found a vulnerability?

We take security seriously. If you believe you've found a security issue, please report it to our security team immediately.

Contact Security Team