Security

Your data is our responsibility.

We take security seriously — not as a checkbox, but as a core design principle. Here's how we protect the businesses that trust us.

Security Pillars

Built on trust.

Data Encryption

All data is encrypted at rest using AES-256 and in transit via TLS 1.3. Your information is protected at every layer.

Infrastructure Security

Our platform runs on Cloudflare Workers — a globally distributed edge network with built-in DDoS protection and automatic threat mitigation.

Access Control

Role-based access with least-privilege defaults. Every action is logged, every permission is intentional. Audit trails are always available.

Data Residency

Your data lives in Singapore-based PostgreSQL infrastructure. No cross-region replication, no data leaving the region without your consent.

Compliance

Our practices are aligned with the Personal Data Protection Act (PDPA). We conduct regular security reviews and update our controls accordingly.

Incident Response

Documented procedures, clear escalation paths, and timely notification. If something goes wrong, you hear it from us first.

Security Practices

How we operate.

All production access requires multi-factor authentication
Secrets are stored in Cloudflare Secrets Store — never in code or environment files
Infrastructure changes are reviewed before deployment
Database queries use parameterised statements exclusively — no raw string interpolation
Automated dependency scanning for known vulnerabilities
Regular backups with tested restoration procedures
API endpoints are authenticated and rate-limited
Client data is logically isolated per tenant

Responsible Disclosure

If you've discovered a security vulnerability, we want to hear about it. We take all reports seriously and will respond promptly. We ask that you give us a reasonable timeframe to address the issue before public disclosure.

security@bistank.com

Questions about security?

We're happy to discuss our security practices in more detail. Reach out anytime.