Security

Last updated: 10 December 2025

Our Commitment to Security

At Parsley, we take the security of your data seriously. We implement industry-standard security measures to protect your personal information, profile data, and business contacts. This page outlines our security practices and what we do to keep your information safe.

Infrastructure Security

Hosting and Cloud Services

Parsley is built on secure, enterprise-grade infrastructure:

  • Vercel: Frontend hosting with automatic HTTPS/TLS encryption, DDoS protection, and edge caching
  • Firebase (Google Cloud): Database, authentication, and file storage with enterprise-grade security
  • Stripe: PCI DSS-compliant payment processing - we never store your payment card details

Data Centers

Our infrastructure partners operate data centers with:

  • 24/7 physical security and monitoring
  • Redundant power and network connectivity
  • Environmental controls and disaster recovery
  • Compliance with ISO 27001, SOC 2, and other security standards

Data Security

Encryption

Your data is encrypted both in transit and at rest:

  • In Transit: All connections use HTTPS with TLS 1.3 encryption (minimum TLS 1.2)
  • At Rest: Database and file storage encrypted using AES-256 encryption
  • Password Storage: Passwords hashed using bcrypt with strong salts (handled by Firebase Auth)

Access Controls

We implement strict access controls:

  • Role-based permissions (user, admin, organization admin)
  • Firebase security rules to enforce data access policies
  • Multi-factor authentication for admin accounts
  • Principle of least privilege for all access

Database Security

Firebase Firestore provides:

  • Automatic backups and point-in-time recovery
  • Security rules to prevent unauthorized data access
  • Real-time monitoring and threat detection
  • Isolated multi-tenant architecture

Authentication and Account Security

User Authentication

We use Firebase Authentication which provides:

  • Email/password authentication with strong password requirements
  • Google OAuth 2.0 for secure third-party sign-in
  • Secure session management with automatic token refresh
  • Protection against brute force and credential stuffing attacks

Password Requirements

Passwords must meet the following criteria:

  • Minimum 8 characters in length
  • Mix of uppercase, lowercase, numbers, and special characters recommended
  • Cannot be common or previously breached passwords

Account Protection

Additional security features:

  • Automatic logout after extended inactivity
  • Password reset via secure email verification
  • Email notifications for suspicious login attempts
  • Ability to view active sessions and sign out remotely

Application Security

Secure Development

Our development process includes:

  • Regular security audits and code reviews
  • Dependency scanning for known vulnerabilities
  • Input validation and sanitization to prevent injection attacks
  • Content Security Policy (CSP) headers to prevent XSS attacks
  • Protection against CSRF attacks using tokens

Vulnerability Management

We actively manage security vulnerabilities:

  • Continuous monitoring of dependencies for security updates
  • Rapid patching of critical vulnerabilities
  • Regular penetration testing and security assessments
  • Bug bounty program (coming soon)

Payment Security

All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. This means:

  • We never store your credit card numbers or CVV codes
  • Payment data is transmitted directly to Stripe using secure, encrypted connections
  • Stripe maintains the highest level of PCI compliance
  • 3D Secure authentication for additional fraud protection
  • Real-time fraud detection and prevention

Privacy and Data Protection

We comply with data protection regulations including UK GDPR:

  • Data minimization - we only collect what we need
  • Purpose limitation - data used only for stated purposes
  • Storage limitation - data retained only as long as necessary
  • User rights - access, rectification, erasure, portability
  • Privacy by design and by default

For more details, see our Privacy Policy.

Monitoring and Incident Response

Security Monitoring

We continuously monitor our systems for:

  • Suspicious login attempts and account activity
  • Unusual traffic patterns and potential DDoS attacks
  • Application errors and performance issues
  • Infrastructure health and availability

Incident Response

In the event of a security incident:

  • We have a documented incident response plan
  • Incidents are investigated and contained immediately
  • Affected users are notified within 72 hours (as required by GDPR)
  • Root cause analysis and remediation follow each incident
  • We cooperate fully with law enforcement when necessary

Your Responsibility

While we take extensive measures to protect your data, security is a shared responsibility. You can help keep your account secure by:

  • Using a strong, unique password for your Parsley account
  • Never sharing your password with anyone
  • Logging out when using shared or public computers
  • Keeping your email account secure (it is used for password resets, so anyone who controls it can reset your password)
  • Being cautious of phishing attempts (we'll never ask for your password via email)
  • Reporting suspicious activity immediately
  • Keeping your contact information up to date

Compliance and Certifications

Parsley and our infrastructure providers maintain compliance with:

  • UK GDPR: Full compliance with UK data protection regulations
  • PCI DSS: Payment Card Industry Data Security Standard (via Stripe)
  • ISO 27001: Information security management (infrastructure providers)
  • SOC 2 Type II: Service Organization Control reports (infrastructure providers)

Third-Party Services

We carefully vet all third-party services we use:

  • Vercel: Frontend hosting and CDN
  • Firebase/Google Cloud: Database, authentication, and storage
  • Stripe: Payment processing

All third-party providers are assessed for security and privacy practices, and we maintain data processing agreements with each.

Reporting Security Issues

If you discover a security vulnerability or have security concerns, please report them immediately:

Report via: Contact form

Subject: [SECURITY] Brief description of issue

Please include:

  • Detailed description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact and severity
  • Your contact information for follow-up

We commit to:

  • Acknowledge your report within 24 hours
  • Investigate and validate the issue promptly
  • Keep you informed of our progress
  • Credit you for responsible disclosure (if desired)

Security Updates

This security page is reviewed and updated regularly to reflect our current practices. For questions about our security measures, please contact us.