Data Security & Incident Response

Weisscollar uses reasonable administrative, technical, and organizational safeguards designed to protect account, profile, document, chat, billing-status, and application-tracking data. These safeguards may include HTTPS/TLS, managed cloud infrastructure, environment-specific secrets, access controls, authentication through a dedicated identity provider, payment processing through Stripe, operational logging, and error monitoring.

We continuously adjust our security program as the product, infrastructure, vendor stack, and threat environment change. No website, software system, network, AI provider, cloud provider, payment processor, or authentication provider can be guaranteed to be completely secure.

You are responsible for keeping your account credentials, email account, devices, browser sessions, and linked third-party accounts secure. Use strong authentication where available, keep your devices updated, and promptly notify us if you suspect unauthorized access to your Weisscollar account.

Do not upload secrets, API keys, passwords, Social Security numbers, government identifiers, financial account details, health information, or other highly sensitive information unless it is necessary for the specific workflow and you are comfortable with the data being processed by the service and its providers.

A security incident may include unauthorized access, disclosure, alteration, loss, misuse, or unavailability of systems or data. If we become aware of a suspected incident, we may investigate, contain the issue, preserve relevant logs, rotate credentials, suspend affected features, work with vendors, notify payment or identity providers, and take other steps we believe are appropriate.

Security investigations can take time. We may not be able to share every technical detail, especially if doing so would create additional security risk, compromise an investigation, violate law, reveal another user’s information, or disclose confidential vendor or infrastructure details.

If we determine that a security incident triggers a legal notification obligation, we will provide notices as required by applicable law. The timing, form, and content of any notice may depend on the facts, the type of information involved, law enforcement guidance, vendor investigation, identity verification, and applicable federal or state requirements.

Where appropriate, we may notify affected users by email, in-product notice, website notice, or another method permitted by law. We may also notify regulators, law enforcement, payment processors, identity providers, or other affected parties where required or appropriate.

During an incident, suspected abuse, vendor outage, payment dispute, fraud investigation, or security review, we may limit, suspend, throttle, disable, reset, or terminate access to accounts, features, API calls, credits, exports, webhooks, or integrations. These actions may be immediate when we believe they are needed to protect users, Weisscollar, vendors, or the broader service.

To the fullest extent permitted by law, Weisscollar is not responsible for security events caused by user devices, compromised user email accounts, weak or reused passwords, malware, phishing, user-authorized third-party access, third-party provider failures, internet outages, force majeure events, or other circumstances outside our reasonable control.

This policy does not expand the warranties, remedies, or liability limits in our Terms of Service. If there is a conflict, the Terms of Service control to the fullest extent permitted by law.

If you believe you found a vulnerability, email info@weisscollar.com with “Security” in the subject line. Please include enough detail to reproduce the issue and do not access, modify, exfiltrate, publish, or delete data that does not belong to you.