Security at AFreshPet
Your data security is foundational to our platform, not an afterthought. Here is how we protect it.
Multi-tenant Isolation
Every database query in AFreshPet passes through PostgreSQL Row Level Security (RLS) policies. This means tenant data isolation is enforced at the database level, not just in application code. Even if an application-layer bug were to occur, one tenant could never access another tenant's data. Each API request sets a session-scoped tenant context before any query executes.
Encryption
All data in transit is protected with TLS 1.2 or higher. Sensitive data at rest — including gate codes, property access notes, and API keys — is encrypted using AES-256 before being stored. Database backups are encrypted at rest. We rotate encryption keys on a regular schedule and maintain strict key management procedures.
Infrastructure
AFreshPet runs on Render in US-based data centers with automatic failover and daily backups. Static assets and proof-of-service photos are served through Cloudflare CDN for fast, reliable delivery worldwide. Photo uploads are stored in Cloudflare R2, providing S3-compatible object storage with built-in redundancy. All infrastructure components are monitored 24/7 with automated alerting.
Authentication
We use Clerk as our authentication provider, offering enterprise-grade identity management out of the box. Multi-factor authentication (MFA) is supported for all accounts and can be enforced at the organization level. Session tokens are short-lived and automatically rotated. All authentication events are logged for audit purposes.
Compliance
AFreshPet is actively pursuing SOC 2 Type II certification. We maintain internal security policies covering access control, incident response, change management, and vendor assessment. Our team conducts regular security reviews and addresses vulnerabilities through a responsible disclosure process. If you have specific compliance requirements, please contact us to discuss.
Payments
All payment processing is handled by Stripe Connect. AFreshPet never stores credit card numbers, bank account details, or other sensitive payment credentials on our servers. Stripe is a PCI DSS Level 1 certified service provider — the highest level of certification available. Payment data flows directly between your clients and Stripe, with AFreshPet only receiving transaction confirmation metadata.