Security at ProMarshal

ProMarshal takes the security of our platform and customer data seriously. We implement the following measures: • All data is transmitted over HTTPS/TLS • OAuth tokens and credentials are encrypted at rest using AES-256 encryption • Access to production systems is restricted to authorized personnel only • Regular security reviews and dependency updates • Secrets are managed via environment variables, never hardcoded in source code • MongoDB Atlas database encryption at rest • Slack request signing verification on all webhook endpoints

ProMarshal operates a vulnerability disclosure program. If you discover a security vulnerability in our platform or Slack app, we encourage you to report it responsibly. How to report: • Email us at support@promarshal.ai with details of the vulnerability • Include steps to reproduce, potential impact, and any supporting evidence • We will acknowledge your report within 48 hours • We aim to resolve confirmed vulnerabilities within 30 days • We will keep you informed of our progress throughout the process We ask that you: • Do not publicly disclose the vulnerability before we have had a chance to address it • Do not access, modify, or delete data that does not belong to you • Act in good faith to avoid privacy violations or service disruption We appreciate the security community's efforts in keeping ProMarshal safe.

For security vulnerability reports and security-related inquiries, contact us at support@promarshal.ai. For general privacy or data-related questions, contact support@promarshal.ai.