Security at LienShield
How we protect your project data, lien filings, and account. This page reflects the current posture; we update it as the platform and roadmap evolve.
Last updated: 2026-05-16
Data protection
- Encryption in transit
- All API and web traffic is TLS 1.2+ with HSTS preload-eligible headers.
- Encryption at rest
- PostgreSQL on Railway uses encrypted volumes; evidence uploads stored in Cloudflare R2 with server-side encryption.
- Password hashing
- Bcrypt with a per-installation strong cost factor. Plaintext passwords are never logged, returned, or stored.
- Authentication
- JWT access tokens (30-minute lifetime) + refresh tokens (7-day rotation). HttpOnly + Secure + SameSite=Lax cookies; cross-subdomain Domain attribute restricted to lienshield.app.
Infrastructure
- Backend hosting
- Railway (US East). FastAPI + Uvicorn behind Railway's edge proxy. Health-checked, autoscaled, and idle-shielded against cold-start cost on paid plans.
- Frontend hosting
- Vercel global edge network. Static + ISR pages cached at PoPs near your customers.
- Object storage
- Cloudflare R2 (lienshield-evidence bucket) for contract uploads and generated PDF artifacts. Per-organization key namespacing.
- Database
- Managed PostgreSQL on Railway with automated daily backups and point-in-time-recovery.
Application hardening
- Content Security Policy
- API responses ship 'default-src none; frame-ancestors none' so the surface can't be embedded or fetched from a foreign origin.
- CORS allowlist
- Strict origin allowlist paired with allow_credentials=true (no wildcard). Origin gating on every state-changing request.
- Rate limiting
- Per-IP rate limits on authentication, password reset, contract parsing, and other quota-bound endpoints. Multi-IP credential-stuffing detection is on the roadmap.
- Multi-tenant isolation
- Every data query is scoped to organization_id (never raw user_id). Row-level enforcement plus per-route assertions.
Privacy and access
- No data sale
- Your project data, contracts, and lien filings are never sold, shared, or used to train models. See the Privacy Policy for the full statement.
- Subprocessors
- Mailgun (transactional email), Stripe (billing), Cloudflare (DNS + R2), Railway (hosting), Vercel (frontend), DeepSeek API (optional contract parsing). Each handles data under their published security postures.
- Data export
- CSV and Excel exports of all your projects and filings are available at any plan tier from the Dashboard.
- Account deletion
- Request account deletion from Settings or contact support. Records are purged within 30 days, subject to legal-retention obligations for recorded lien filings.
Compliance posture
- SOC 2 status
- SOC 2 Type II readiness is on the 2026 roadmap. We document control activity (access reviews, change management, encryption, monitoring) ahead of the formal audit.
- GDPR / CCPA
- Customer data export and deletion supported. We honor verified consumer requests under both regimes.
- PCI
- Payment cards are processed exclusively by Stripe; LienShield never sees or stores PAN data.
Vulnerability disclosure
If you believe you've discovered a security issue affecting LienShield, please email security@lienshield.app. We acknowledge reports within one business day and remediate verified issues on a priority schedule. Please do not exploit, exfiltrate user data, or run automated scans that degrade service.
In-scope: lienshield.app, *.lienshield.app, and the LienShield mobile/web apps. Out-of-scope: social engineering, physical attacks, denial-of-service, third-party services hosting our subprocessors.
Have an enterprise security question?
We can share security documentation, subprocessor lists, and SOC 2 roadmap detail under NDA.