Security at ContractShield
You run real jobs and move real money through ContractShield, so we treat your data and payments accordingly: encryption everywhere, funds held in escrow until the work is approved, and strict access controls on every account.
Encryption everywhere
All traffic is encrypted with TLS 1.3 in transit, and your data is encrypted with AES-256 at rest across databases and file storage. ContractShield is hosted on SOC 2 and ISO 27001 certified cloud infrastructure.
Identity & access management
Strict per-account data isolation, role-based access controls, and full audit trails on sensitive operations. Multi-factor authentication is available on every account.
Application security
Automated dependency scanning, static analysis in CI, CSRF protection, and rate limiting on every API endpoint. Unauthenticated endpoints never touch billing or AI spend.
Payments held safely until the work is done
Card payments are processed by Stripe, a PCI-DSS Level 1 certified provider — the highest level in the payments industry. ContractShield never sees or stores full card numbers. On every job, funds are held in escrow and released to you only after the client approves the work, on a grace timer, so both sides are protected. Payouts go straight to your connected bank account.
Assurance & certifications
SOC 2 certification is on the compliance roadmap. Today I align with the CIS Critical Security Controls, maintain a vendor management register, and comply with GDPR and CCPA requirements.
Prepared for the unexpected
Structured runbooks and predefined escalation paths ensure quick, organized responses during the rare events that require mitigation.
Report a security concern
Reach out directly for vulnerability disclosures, responsible reporting, or compliance questions.
Email: legal@contractshield.io
I acknowledge security reports within one business day and provide status updates through resolution.