Trust & safety

Security Overview

Last updated: 27 May 2026 · PetManifest Technologies Ltd


Our approach

PetManifest handles sensitive pet care, household access, and business operations data. Security is built into account access, database isolation, encryption for high-risk fields, and operational practices designed for small teams running production workloads responsibly.

To report a vulnerability, email security@petmanifest.com. Please include steps to reproduce and an impact assessment. We aim to acknowledge reports within three business days.

Authentication and sessions

  • Passwords are hashed with bcrypt before storage; plaintext passwords are not retained.
  • API access uses signed JWT access tokens with configurable expiry.
  • Authentication endpoints apply rate limiting to reduce brute-force attempts.
  • Password reset links are single-use, time-limited tokens delivered out of band.

Authorisation and household isolation

  • Role-based access separates pet owners, household sitters, business owners, managers, and walkers.
  • Route guards and API procedures enforce account type and business role before sensitive actions run.
  • PostgreSQL row-level security policies scope queries to the authenticated user's household context.
  • Per-request database connections can inject session context, so one request's access context cannot leak into a concurrent request.

Encryption

  • Data in transit is protected with HTTPS/TLS between clients and our servers.
  • Household security fields (for example alarm codes, key locations, Wi‑Fi passwords) are encrypted at the application layer before being stored.
  • Encryption keys are supplied via environment configuration and are not committed to source control.

Application and infrastructure hardening

  • HTTP security headers are applied via Helmet on the API server.
  • CORS is restricted to configured application origins in production.
  • Production deployments run backend services in isolated Docker networks without unnecessary public database exposure.
  • Secrets such as JWT signing keys and encryption keys must meet minimum length requirements in production.

Payments

Card payments and Connect payouts are handled by Stripe. PetManifest does not store full payment card numbers. Stripe components are used for onboarding, invoicing, and payout status.

Document and media storage

Uploaded documents and media may be stored in object storage with access controlled by household membership and business permissions. Upload endpoints validate content types and size limits.

Offline operation

PetManifest caches care actions locally when connectivity is poor, then syncs when the device reconnects. Cached data remains on the user's device and is protected by the device's operating system safeguards and the user's session controls.

Logging and monitoring

  • Server logs capture errors and operational events needed for reliability and incident response.
  • Logs are limited to what is necessary and should not include plaintext household secrets.
  • Admin access is restricted to explicitly allowlisted operator emails.

Backups and availability

Database volumes are persisted across container restarts. Operators should maintain their own backup and disaster-recovery procedures appropriate to their deployment environment.

Your responsibilities

  • Use strong, unique passwords and revoke access for former staff or sitters promptly.
  • Share household invite links only with trusted carers.
  • Keep devices updated and log out on shared devices.
  • Report suspicious activity to security@petmanifest.com.

Incident response

If we confirm a security incident affecting personal data, we will investigate promptly, mitigate ongoing risk, and notify affected users or regulators where required by applicable law.

© PetManifest Technologies Ltd. All rights reserved.
