Security

Last updated: November 2, 2025

Our Commitment to Security

Security is at the core of everything we do at Bear Billing. We understand that you're trusting us with sensitive billing and usage data, and we take that responsibility seriously.

Our security program is designed to protect your data through multiple layers of defense, industry-leading practices, and continuous monitoring. We're committed to transparency and will work with you to address any security concerns.

Data Protection

Encryption

  • TLS 1.2 or later for all data in transit
  • AES-256 encryption for all data at rest
  • Secure key management practices

Payment Processing

  • Stripe for payment processing (PCI DSS Level 1 certified)
  • We never store or see your full payment card details
  • All payment data tokenized and encrypted

Data Minimization

  • We only collect data necessary for billing
  • Usage metadata only - no end-user personal data
  • Regular data retention reviews
  • Automated deletion per retention schedules

Infrastructure Security

  • Enterprise-grade cloud infrastructure - Hosted with providers that hold SOC 2 Type II attestation reports
  • Multi-layer security architecture - Defense in depth approach
  • Automated daily backups - Point-in-time recovery available
  • 24/7 security monitoring - Continuous threat detection
  • Regular security assessments - Annual penetration testing and vulnerability scans

Access Control & Authentication

  • Role-based access control (RBAC) - Principle of least privilege
  • Multi-factor authentication (MFA) - Required for administrative access
  • API authentication and authorization - Secure token-based access
  • Session management - Automatic timeouts and secure cookies
  • Audit logging - All access and changes logged

Compliance & Certifications

Working Toward

  • SOC 2 Type II attestation (in progress; report not yet available)
  • GDPR-ready architecture
  • CCPA compliance framework

Security Practices

  • ✓ Security-focused development
  • ✓ Regular third-party audits
  • ✓ Incident response procedures

Business Continuity

  • High availability - Redundant infrastructure design
  • Disaster recovery - Tested backup and recovery procedures
  • Incident response - 24/7 on-call security team
  • Data backup - Automated daily backups with 30-day retention

Employee Security

  • Background checks - For employees with data access
  • Security training - Regular security awareness programs
  • Confidentiality agreements - All employees sign NDAs
  • Access reviews - Quarterly review of employee permissions

Enterprise Security

For enterprise customers, we provide additional security resources:

  • Detailed security documentation (under NDA)
  • Security questionnaire responses
  • Architecture diagrams and data flow documentation
  • SOC 2 reports (when available)
  • Penetration test results (summary)
  • Custom security reviews and assessments

Contact [email protected] to request detailed security documentation.

Report a Security Vulnerability

We value the security research community and encourage responsible disclosure of security vulnerabilities.

How to Report

If you discover a security vulnerability, please email: [email protected]

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Potential impact
  • Your contact information

We commit to acknowledging reports within 3 business days and providing regular updates on remediation. See our Vulnerability Disclosure Policy for complete details.

Questions & Contact

Security Inquiries: [email protected]

Privacy Questions: [email protected]

General Support: [email protected]
