Security Policy

Last Updated: November 26, 2025

1. Our Commitment to Security

At NextStack SaaS Starter, we take the security of your data seriously. We implement industry-standard security measures to protect your information and maintain the integrity of our Service.

2. Security Measures

We employ multiple layers of security protection:

2.1 Authentication & Access Control

• Clerk authentication with industry-standard encryption
• Secure session management
• Role-based access control (RBAC)
• Multi-factor authentication support

2.2 Data Protection

• Encryption in transit (TLS/HTTPS)
• Encryption at rest for sensitive data
• Regular database backups
• Secure file storage with AWS S3

2.3 Infrastructure Security

• Regular security updates and patches
• Firewall protection and network security
• DDoS protection
• Automated security scanning
• Rate limiting to prevent abuse

3. Vulnerability Reporting

We appreciate the security research community's efforts in keeping our users safe. If you discover a security vulnerability, please report it responsibly.

3.1 How to Report

Send vulnerability reports to: security@nextstack-saas-starter.com

Please include:

• Description of the vulnerability
• Steps to reproduce
• Potential impact
• Your contact information

3.2 What to Expect

• We will acknowledge your report within 48 hours
• We will investigate and respond with our findings
• We will work to remediate valid vulnerabilities promptly
• We will keep you informed throughout the process

3.3 Responsible Disclosure Guidelines

We ask that you:

• Do not access or modify user data without permission
• Do not perform destructive testing (DoS, spam, etc.)
• Do not publicly disclose the issue before we have addressed it
• Make a good faith effort to avoid privacy violations

4. Compliance & Certifications

We comply with relevant data protection regulations and industry standards:

• GDPR (General Data Protection Regulation)
• CCPA (California Consumer Privacy Act)
• SOC 2 Type II compliance (in progress)

5. Incident Response

In the event of a security incident, we have established procedures to:

• Quickly identify and contain the incident
• Assess the impact and affected users
• Notify affected users as required by law
• Implement measures to prevent recurrence

6. User Responsibilities

Help us keep your account secure by:

• Using a strong, unique password
• Enabling multi-factor authentication
• Not sharing your account credentials
• Reporting suspicious activity immediately
• Keeping your contact information up-to-date

7. Third-Party Services

We use trusted third-party services that maintain their own security standards:

• Clerk: SOC 2 Type II certified authentication
• AWS: ISO 27001, SOC 1/2/3 certified infrastructure
• Vercel: Enterprise-grade hosting platform

8. Contact Us

For security-related questions or concerns: security@nextstack-saas-starter.com

For general inquiries: support@nextstack-saas-starter.com