Security at PhiBit
We take your security obsessively seriously
This page documents how we protect your data, our certifications, and how to report any vulnerabilities you discover.
ISO 27001
Certified ISMS since 2025
TLS 1.3 encryption
All data in transit and at rest
Annual pentests
Our stack audited by 3 independent firms
NDAs by default
Mutual NDA signed before any discussion
Found a vulnerability?
We reward responsible disclosure. Send your encrypted report to:
security@phi-bit.com
PGP key fingerprint: 0xA1B2 C3D4 E5F6 7890 1234 5678 90AB CDEF G123
Critical / High
$1,500 – $5,000 + hall-of-fame badge
Medium / Low
$200 – $700 + public credit
Our practices
How we protect your data
Data minimization
We collect only what we need. We never store client credentials.
Secrets management
All secrets managed via 1Password Secrets Automation + Vercel Encrypted Env.
Daily backups
Encrypted snapshots of all databases across three geographic regions.
Mandatory code review
No code merges to main without two independent reviews.
Deletion after delivery
We delete all personal data and credentials 90 days after final delivery.