Security

Infrastructure

Proven runs on Vercel with automatic TLS. The database and backend run on Convex, with encryption in transit (TLS 1.3) and at rest.

Authentication

Handled by Convex Auth. Passwords are never stored in plaintext. Session tokens are short-lived.

Payments

All payments go through Stripe at PCI DSS Level 1. Card numbers never reach Proven's systems. Webhook signatures are verified on every event.

Application Security

• All inputs validated server-side
• Your reports and idea submissions are scoped to your account only
• CORS and CSP headers on all endpoints

Validation Data Isolation

Your submitted ideas and generated reports are private. No other user — including admins — can read your validation data. Admin access covers account metadata only (email, credit balance).

Vulnerability Reporting

Found something? Email dcanelprofessional@gmail.com. We'll respond within 48 hours.