Last updated: January 2026

At DigiParser, we take the protection of customer data extremely seriously. This Security Policy describes the organizational and technical measures we implement platform-wide to prevent unauthorized access, use, alteration, or disclosure of customer data.

DigiParser services operate on modern cloud infrastructure; this policy describes our security practices within our cloud environment. We recommend you also review our Terms of Service and Privacy Policy.

Our infrastructure and security practices are managed by experienced professionals who have designed, built, and operated secure Internet-facing systems. We continuously monitor and improve our security posture.

• We have implemented formal procedures for security events and have educated all staff on our policies.
• When security events are detected, they are escalated immediately to our security team for rapid response.
• After a security event is resolved, we conduct a post-mortem analysis to understand what happened and prevent similar events in the future.
• DigiParser follows applicable data protection laws and will notify you of security breaches that affect your data in accordance with legal requirements.

• We have functioning, frequently used automation in place so that we can safely and reliably roll out changes to both our application and infrastructure within minutes.
• We deploy code regularly, giving us high confidence that we can get a security fix out quickly when required.

• All of our services run in the cloud. DigiParser does not run our own physical servers, routers, load balancers, or DNS servers.
• All of our services and data are hosted on modern cloud platforms (including Vercel and Cloudflare) and protected by their security measures. DigiParser services have been built with disaster recovery in mind.
• All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
• We use automated backup solutions for datastores that contain customer data.

• Customer data is stored in secure, encrypted datastores.
• Customer data is stored in multi-tenant datastores; we do not have individual datastores for each customer. However, strict privacy controls exist in our application code that are designed to ensure data privacy and to prevent one customer from accessing another customer's data (logical tenant isolation). We have automated tests in place to ensure these privacy controls work as expected.
• Each DigiParser system used to process customer data is adequately configured and patched using commercially reasonable methods according to industry-recognized system-hardening standards.
• Secure, signed URLs are used for document access to ensure only authorized parties can view documents.
• DigiParser engages certain subprocessors to process customer data. These subprocessors are listed in our Third Party Subprocessors page, as may be updated by DigiParser from time to time.

• All data sent to or from DigiParser is encrypted in transit using 256-bit encryption (TLS/SSL).
• Our API and application endpoints are TLS/SSL only and use strong cipher suites with features such as HSTS enabled.
• We also encrypt data at rest using industry-standard AES-256 encryption algorithms.

• DigiParser is served 100% over HTTPS.
• There are no corporate resources or additional privileges from being on DigiParser's network.
• We have two-factor authentication (2FA) and strong password policies on all cloud services to ensure access to cloud services are protected.
• We recommend that all users enable two-factor authentication on their DigiParser accounts.

• DigiParser enables permission levels to be set for any team members with access to DigiParser.
• Permissions and access can be set to include parser settings, billing, user data, document management, and data export capabilities.

• DigiParser personnel do not have access to customer documents by default
• Support access requires explicit customer consent
• Access is granted per document or per request, not globally
• All access is logged and limited to troubleshooting purposes only
• Secure, signed URLs are used for document access to ensure only authorized parties can view documents

• On an application level, we produce audit logs for all activity and use secure storage for archival purposes.
• All access to DigiParser applications is logged and audited.
• All actions taken on production systems or in the DigiParser application are logged.

• We regularly review our codebase and infrastructure for security vulnerabilities.
• We use technologies to provide an audit trail over our infrastructure and the DigiParser application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup, and audit access to every layer of our stack.
• While we are continuously working toward industry certifications, we follow security best practices and standards. For specific compliance requirements or security documentation, please contact us at [email protected].

All payment instrument processing for purchase of DigiParser services is performed by our payment provider (LemonSqueezy). Payment information is not stored on our servers. For more information on our payment provider's security practices, please see our Third Party Subprocessors page.

• Managing your own user accounts and roles from within the DigiParser services.
• Protecting your own account and user credentials by using two-factor authentication for all of your employees accessing the DigiParser services.
• Compliance with the terms of your services agreement with DigiParser, including with respect to compliance with laws.
• Promptly notifying DigiParser if a user credential has been compromised or if you suspect possible suspicious activities that could negatively impact security of the DigiParser services or your account.
• You may not perform any security penetration tests or security assessment activities without the express advance written consent of DigiParser.

If you have questions about our security practices or need to report a security concern, please contact us at [email protected].