How we protect your pipeline data — and every customer-facing policy that governs a Billslash Reach account, in one place.
TLS 1.2+ in transit and AES-256 at rest across Lovable Cloud, Supabase, and Cloudflare.
Row-Level Security on every customer-data table. SECURITY DEFINER role checks. TOTP MFA for all admins.
Dependency + SAST scans on every push, monthly DAST, annual third-party pen test, 24-month audit logs.
Program highlights, sub-processors, and downloadable IRP / vuln-management runbook / DPA template.
What we collect, why, retention windows, and your GDPR / CCPA rights.
B2B DPA with SCCs and CCPA terms — ready to countersign.
What you can and can't send through Reach — anti-spam, anti-abuse, and infrastructure protection.
How long we keep account, message, and audit data — and how to request deletion.
First- and third-party cookies, analytics, and how to opt out.
Consent to receive contracts, notices, and disclosures electronically.
Master subscription terms, deliverability disclaimer, and limitation of liability.
Email security@billslash.app. We acknowledge reports within two business days and provide a remediation timeline within five.