Security at BarkScan

We take security seriously. As a security-focused company, we hold ourselves to the highest standards of data protection and infrastructure security.

Infrastructure Security

  • Cloud Infrastructure: We use industry-leading cloud providers with SOC 2 Type II compliance
  • Network Isolation: Services are deployed in isolated networks with strict firewall rules
  • DDoS Protection: Multi-layer DDoS mitigation protects against volumetric attacks
  • Monitoring: 24/7 infrastructure monitoring with automated alerting
  • Incident Response: Documented incident response procedures with regular drills

Application Security

  • Secure Development: Security code reviews and static analysis on all code changes
  • Authentication: Multi-factor authentication (MFA) available for all accounts
  • Authorization: Role-based access control (RBAC) with principle of least privilege
  • API Security: Rate limiting, authentication, and input validation on all endpoints
  • Dependency Management: Automated scanning for vulnerable dependencies with prompt patching

Data Protection

  • Encryption in Transit: TLS 1.3 for all data transmitted over networks
  • Encryption at Rest: AES-256 encryption for stored data and backups
  • Data Minimization: We only collect and retain data necessary for our services
  • Access Controls: Strict access controls with audit logging for all data access
  • Secure Deletion: Cryptographic erasure when data is deleted

Compliance & Certifications

We maintain compliance with industry standards and regulations:

  • GDPR: Full compliance with EU General Data Protection Regulation
  • CCPA: California Consumer Privacy Act compliance
  • SOC 2: Working towards SOC 2 Type II certification
  • PCI DSS: Payment processing through PCI-compliant providers

Security Testing

We continuously test and validate our security measures:

  • Penetration Testing: Annual third-party penetration tests
  • Vulnerability Scanning: Continuous automated vulnerability scanning
  • Bug Bounty Program: Coming soon - rewarding security researchers who find vulnerabilities
  • Security Audits: Regular internal and external security audits

Responsible Disclosure

We welcome reports of security vulnerabilities from the security research community. If you discover a security issue:

  • Email details to [email protected]
  • Provide detailed steps to reproduce the vulnerability
  • Give us reasonable time to address the issue before public disclosure
  • Do not access, modify, or delete user data

We commit to:

  • Acknowledge your report within 48 hours
  • Provide regular updates on our progress
  • Credit you for the discovery (if desired) once the issue is resolved
  • Not pursue legal action against good-faith security researchers

Security Incident Notifications

In the event of a security incident that may affect user data:

  • We will investigate and contain the incident immediately
  • Affected users will be notified within 72 hours
  • We will provide clear information about the nature of the incident
  • Steps to mitigate risk will be communicated
  • Post-incident reports will be shared as appropriate

Employee Security

  • Background Checks: Background checks for all employees with data access
  • Security Training: Mandatory security awareness training for all team members
  • Access Reviews: Quarterly access reviews and revocation procedures
  • Device Security: Full disk encryption and endpoint protection on all work devices

Questions?

For security-related questions or concerns, please contact our security team:

Security Team: [email protected]

General Support: [email protected]

This page was last updated on January 28, 2026. We continuously improve our security posture and update this page to reflect our current practices.