We take privacy and security very seriously. Here are the steps that we have taken:
1. Data transfer happened over secure connection using HTTPS.
2. All data is stored in an encrypted form on the server. Each user's data is encrypted using a unique salt, which is itself encrypted by HSM based key manager.
3. Data can not be retrieved using the user's password. So even if the password gets compromised, user data can not be accessed.
4. Our website and infrastructure passed Cure53's security analysis and review to uncover vulnerability patterns and attacks.
As per regulatory requirements, we will be maintaining the user data records for 5 years.