Security Overview

Effective: May 12, 2026

Version: v1.0 - Last updated May 12, 2026

This Security Overview describes high-level safeguards Profasee uses to protect the Services. It is informational and does not create warranties, service levels, or obligations beyond the Terms, Privacy Policy, and any written agreement signed by Profasee.

1. Security Program

Profasee uses reasonable administrative, technical, and organizational safeguards designed for a self-serve agentic AI platform that processes ecommerce, advertising, inventory, pricing, catalog, billing, and customer-related business data.

2. Access Controls

Profasee uses role-based and need-to-know access controls for production systems and vendor tools. Customers are responsible for managing their own Users, connected Channel permissions, credentials, API keys, guardrails, approvals, and account settings.

3. Data Protection

Profasee is designed to use encryption in transit for production network traffic. Where supported by the underlying provider, production databases and storage use encryption at rest. Secrets, API keys, OAuth tokens, and payment credentials should be handled through dedicated systems and restricted access paths.

4. Payments

Profasee uses Stripe for payment processing. Full payment card numbers are processed by Stripe and are not stored on Profasee servers. Profasee may store or receive limited billing metadata such as Stripe customer identifiers, payment status, payment method type, card brand, last four digits, invoices, and dispute records.

5. Logging and Monitoring

Profasee may log account events, usage, Agent Actions, workflow activity, security events, billing activity, errors, and system telemetry to support reliability, auditability, troubleshooting, fraud prevention, abuse detection, and compliance.

6. Incident Response

Report security issues to security@profasee.com. Profasee will triage reports in a commercially reasonable manner and prioritize urgent, exploitable, or customer-impacting issues. If Profasee becomes aware of a confirmed security breach involving Customer Data under Profasee's control, Profasee will notify affected customers without undue delay and in accordance with applicable law, Channel requirements, and any written data processing terms signed by Profasee.

7. Customer Responsibilities

Customers must protect credentials, limit User access, configure appropriate guardrails, monitor Agent Actions, review Outputs where required, keep Channel permissions current, and notify Profasee without undue delay if they suspect account compromise or unauthorized access.