EarningsNerd

Security

Last updated: February 6, 2026

Our Commitment to Security

At EarningsNerd, we take the security of your data seriously. We implement industry-standard security measures to protect your personal information and ensure the integrity of our platform. This page outlines our security practices and how we safeguard your data.

Data Protection

We employ multiple layers of security to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security) protocols.
  • Encryption at Rest: Sensitive data stored in our databases is encrypted to protect against unauthorized access.
  • Password Security: User passwords are hashed using industry-standard cryptographic algorithms. We never store passwords in plain text.
  • Database Security: Our PostgreSQL databases are configured with strict access controls and are regularly backed up to prevent data loss.
  • API Security: All API endpoints are protected with authentication and authorization mechanisms to ensure only authorized users can access data.

Authentication and Access Control

We implement robust authentication and access control measures:

  • JWT (JSON Web Tokens): We use JWT-based authentication to securely manage user sessions.
  • Token Expiration: Authentication tokens have limited lifespans and must be renewed periodically to maintain access.
  • Role-Based Access: User permissions are managed through role-based access control (RBAC) to ensure users only have access to appropriate resources.
  • Session Management: We implement secure session management practices to prevent session hijacking and fixation attacks.

Payment Security

We use Stripe, a PCI-DSS compliant payment processor, to handle all payment transactions. We do not store complete credit card numbers on our servers. All payment information is processed securely through Stripe's infrastructure, which maintains the highest level of payment security certification.

Infrastructure Security

Our infrastructure is designed with security in mind:

  • Hosting: Our application is hosted on secure, enterprise-grade cloud infrastructure with 99.9% uptime guarantees.
  • Network Security: We implement firewalls, intrusion detection systems, and other network security measures to protect against unauthorized access.
  • Regular Updates: We keep our systems and dependencies up to date with the latest security patches.
  • Monitoring: We use Sentry for real-time error tracking and monitoring to quickly identify and address potential security issues.
  • Redis Security: Our Redis cache is configured with authentication and access controls to prevent unauthorized access.

Application Security

We follow secure coding practices to prevent common vulnerabilities:

  • Input Validation: All user inputs are validated and sanitized to prevent injection attacks (SQL injection, XSS, etc.).
  • CSRF Protection: We implement Cross-Site Request Forgery (CSRF) protection mechanisms.
  • Content Security Policy: We use Content Security Policy (CSP) headers to prevent XSS attacks.
  • Rate Limiting: API endpoints are rate-limited to prevent abuse and denial-of-service attacks.
  • Dependency Scanning: We regularly scan our dependencies for known vulnerabilities and update them promptly.

Data Privacy and Compliance

We are committed to protecting your privacy and complying with applicable data protection regulations:

  • We implement data minimization principles, collecting only necessary information
  • We provide transparency about data collection and usage through our Privacy Policy
  • We honor user rights including data access, correction, and deletion requests
  • We maintain detailed audit logs for security and compliance purposes

For more information about how we handle your data, please see our Privacy Policy.

Incident Response

In the event of a security incident:

  • We have an incident response plan to quickly identify, contain, and remediate security issues
  • We will notify affected users promptly in accordance with applicable regulations
  • We conduct post-incident reviews to improve our security practices
  • We work with security researchers and experts to address vulnerabilities

Best Practices for Users

You can help protect your account by following these security best practices:

  • Use a strong, unique password for your EarningsNerd account
  • Never share your password with anyone
  • Log out of your account when using shared or public computers
  • Keep your browser and operating system up to date
  • Be cautious of phishing attempts and verify the URL before entering credentials
  • Report any suspicious activity or security concerns to us immediately

Responsible Disclosure

If you discover a security vulnerability in our platform, we encourage responsible disclosure. Please report security issues to us privately so we can address them before they are publicly disclosed.

To report a security vulnerability:

  • Email us at security@earningsnerd.com
  • Provide detailed information about the vulnerability, including steps to reproduce
  • Allow us reasonable time to address the issue before public disclosure
  • Do not access or modify data that does not belong to you

We appreciate the work of security researchers and will acknowledge responsible disclosures.

Third-Party Services

We use trusted third-party services that maintain their own security standards:

  • Stripe: PCI-DSS Level 1 certified payment processing
  • Resend: Secure email delivery service
  • OpenAI: API access for AI-powered features with enterprise-grade security
  • Sentry: Error tracking and monitoring with data encryption
  • PostHog: Product analytics with privacy-focused data handling

We carefully vet all third-party services to ensure they meet our security standards.

Contact Us

If you have questions about our security practices or need to report a security concern:

← Back to Home