We take your data seriously. Here's how we protect it.
- All data transmitted over HTTPS/TLS
- Passwords hashed with bcrypt
- Sessions stored in Redis with server-side encryption
- Stripe handles all payment data (we never see your card number)
- Business card images stored on private disk (not publicly accessible by default)
- Webhook payloads signed with HMAC-SHA256
- API tokens hashed before storage
- Rate limiting on auth, scan, and lookup endpoints

Responsible disclosure

Found a security issue? Please email security@mutual.cards. We'll respond within 48 hours.