Security Policy

• Encryption in transit: TLS 1.2 or higher.
• Encryption at rest: AES-256 for all stored data.
• OAuth tokens: stored encrypted, never in plaintext, never logged in cleartext.
• dnoise never receives or stores Stripe login credentials.

• Production system access restricted to authorized personnel only.
• Multi-factor authentication required for all production access.
• Role-based, least-privilege access controls.
• All production data access logged and reviewed.

Regular internal security audits and continuous vulnerability assessments. To report a vulnerability: admin@dnoise.online. Acknowledgement within 72 hours.

• Relevant supervisory authorities notified within 72 hours where required by applicable law.
• Affected Users notified without undue delay after breach is confirmed and assessed.
• Full incident documentation maintained.

• Raw card numbers, CVV, or full PAN — Stripe API does not expose these.
• Stripe account login credentials.
• Data outside the approved read-only OAuth scope.