Security | CostFunction

Your data security isn't just a checkbox for us—it's foundational to how we've built CostFunction from day one.

How We Protect Your Data

Encryption Everywhere

Every piece of data you store with us is encrypted using AES-256, the same standard trusted by banks and government agencies. Whether your data is sitting on our servers or moving between your browser and our platform, it's locked down.

For data in transit, we use TLS 1.3 (the latest version of HTTPS/SSL). We enforce strict security headers and regularly test our configuration to maintain an A+ SSL rating.

We Don't Store What We Don't Need

Here's the thing: the best way to protect sensitive data is to not have it in the first place.

We don't store PII. We've architected CostFunction so we don't need to hold onto personally identifiable information. Less data means less risk—for you and for us.

We don't touch your payment info. Credit cards, bank accounts, billing details—none of it ever hits our servers. All payments are processed by Stripe, which holds the highest level of PCI compliance (Level 1). Your financial data stays with the experts who specialize in protecting it.

What We Don't Store	Who Handles It
Credit card numbers	Stripe
Bank account info	Stripe
Billing details	Stripe
PII	Not collected

Our Team

Security isn't just about technology—it's about people. Every CostFunction employee completes privacy and security training twice a year, covering everything from data handling to phishing awareness to incident response. Security is everyone's job here.

Infrastructure

We run on enterprise-grade cloud infrastructure with SOC 2 Type II certification. Our setup includes network segmentation, intrusion detection, regular vulnerability scans, and automated patching. Access to production systems is tightly controlled and fully audited.

Questions?

We're happy to talk security. If you have questions about how we protect your data—or if you've found something we should know about—reach out to our team.