Security at ObituaryMonitor
Your data security is our priority. We implement enterprise-grade security measures to protect your sensitive information at every level.
Download Security WhitepaperSecurity Standards We Implement
Industry-standard encryption and privacy practices to protect your data
AES-256
Data Encryption
TLS 1.3
Secure Transport
CCPA
Privacy Compliant
GDPR Ready
EU Data Protection
Secure Payments
Stripe PCI Certified
No Data Sales
Privacy First
Payment processing handled by Stripe (PCI DSS Level 1 certified). We never store credit card data on our servers.
Data Encryption
Encryption in Transit
All data transmitted between your browser and our servers is encrypted using TLS 1.3, the latest transport layer security protocol. This ensures your data cannot be intercepted or read by unauthorized parties.
Encryption at Rest
All stored data is encrypted using AES-256 encryption, the same standard used by financial institutions and government agencies. This includes your watch lists, match history, and account information.
Password Security
Passwords are hashed using bcrypt with a high work factor. We never store plaintext passwords, and even our own engineers cannot access your password.
Infrastructure Security
Note: ObituaryMonitor has not undergone a SOC 2 audit. The certifications listed below are held by our infrastructure partners, not by ObituaryMonitor directly.
Our infrastructure is built on industry-leading cloud platforms with robust security measures:
- Netlify — SOC 2 Type II certified hosting with automatic DDoS protection
- Neon Database — SOC 2 Type II certified PostgreSQL with encryption at rest
- Stripe — PCI DSS Level 1 certified payment processing
- Postmark — Secure email delivery with DKIM/SPF authentication
- Twilio — SOC 2 Type II certified SMS delivery
Access Control
- Role-based access control (RBAC) — Granular permissions for team members
- Secure session management — Automatic timeouts and secure cookie handling
- API key authentication — Unique, revocable API keys for programmatic access
- Activity logging — Comprehensive audit trails for all account actions
Data Privacy
We are committed to protecting your privacy and handling your data responsibly:
- No data selling — We never sell your personal information to third parties
- Minimal data collection — We only collect data necessary to provide our service
- CCPA compliant — California residents can request data access, deletion, and portability
- GDPR ready — Data subject rights for EEA/UK residents
- Data retention policies — Clear retention periods with automatic deletion
Compliance & Documentation
We support enterprise compliance requirements:
- Security questionnaires — We can complete CAIQ, SIG, or custom security questionnaires
- Custom DPAs — Data Processing Agreements available for enterprise customers
- BAA available — Business Associate Agreements for HIPAA-covered entities
- Vendor risk assessments — Documentation for your procurement team
Ongoing Security Practices
- Regular security audits — Periodic reviews of our security posture
- Dependency monitoring — Automated scanning for vulnerable dependencies
- Incident response plan — Documented procedures for security incidents
- Breach notification — We will notify affected users as required by law
Security Whitepaper
Download our comprehensive security whitepaper for detailed information about our security architecture, data protection measures, and best practices. Perfect for your vendor risk assessment or procurement team.
Note: ObituaryMonitor has not undergone a SOC 2 audit. Infrastructure partner certifications are detailed in the whitepaper.
Have Security Questions?
Have a specific Security Questionnaire or need a Custom DPA (Data Processing Agreement)? Our security team is ready to help with your compliance and procurement requirements.