Security

This page is maintained by Panzica Technologies Inc. to answer common security and privacy questions about PreRipple and all Panzica software, AI systems, and digital services (collectively, the "Services").

The statements below describe security controls and practices that are currently enabled in the Services. This page is informational and is not an independent certification, audit report, or legal warranty of any kind.

The Services are built on managed cloud infrastructure. Application code is deployed to globally distributed edge runtimes, and persistent data is stored in a managed PostgreSQL database operated by our cloud provider.

All traffic between your device and the Services is served over HTTPS using modern transport encryption. Data at rest in the managed database is encrypted by the underlying cloud provider.

Where a Service requires an account, authentication is handled by our managed identity provider. Passwords are never stored in plain text and are handled by the identity provider using industry-standard hashing.

Database access is governed by row-level security policies so that, by default, a user can only read and write rows that belong to their own account. Administrative access to production systems is restricted to authorized personnel.

We collect only the information needed to operate the Services, as described in our Privacy Policy. We do not sell personal data to advertisers or data brokers.

• In transit: HTTPS / TLS for all connections between your device and the Services.
• At rest: Storage-level encryption provided by the managed database and object storage services.
• Secrets: API keys and service credentials are stored in a managed secret store and are not committed to source control.

The Services rely on a small set of subprocessors to function. Typical categories include:

• cloud hosting and managed database
• authentication and identity
• payment processing (Stripe, Apple App Store, Google Play)
• artificial intelligence inference providers
• email and transactional messaging
• error monitoring and product analytics

Each subprocessor receives only the information required to perform its function. We do not authorize subprocessors to use Service data for their own advertising purposes.

The Services use cookies and similar technologies to keep you signed in, remember preferences, and measure aggregate product usage. We do not use third-party advertising cookies.

We retain account data only as long as needed to operate the Services or to comply with legal obligations. You may request deletion of your account and associated personal data by contacting us at the address below. Some records may be retained in backups or as required by law after a deletion request is processed.

Depending on your jurisdiction, you may have the right to access, correct, export, or delete personal information we hold about you. To make a request, email support@panzica.ca. We may need to verify your identity before fulfilling a request.

If we become aware of a security incident that materially affects your data, we will investigate, take reasonable steps to contain and remediate it, and notify affected users as required by applicable law. To report a suspected incident, email support@panzica.ca with the subject line "Security Incident".

We welcome reports from security researchers. If you believe you have found a vulnerability in any Panzica Service, please email support@panzica.ca with the subject line "Security Report" and include enough detail for us to reproduce the issue.

Please give us a reasonable opportunity to investigate and remediate before public disclosure, and do not access, modify, or delete data that does not belong to you while researching.

Security is a shared responsibility between Panzica Technologies Inc., our infrastructure providers, and you.

• Our cloud providers are responsible for the security of the underlying platform, hardware, and managed services.
• We are responsible for how the Services are designed, configured, and operated on top of that platform.
• You are responsible for keeping account credentials confidential, using a strong unique password, signing out on shared devices, and reporting suspected unauthorized access.

Certain Services send user inputs to third-party artificial intelligence providers to generate responses. These providers may temporarily process inputs to produce outputs. AI outputs may be inaccurate or incomplete and should be independently verified before being relied on. See our Terms of Service and Privacy Policy for additional detail.

We may update this page from time to time as the Services evolve. Material changes will be reflected in the Effective Date above. Continued use of the Services after an update constitutes acceptance of the updated page.