Security by Design

We don't trust "security by obscurity." Here is exactly how we protect your sensitive data using verifiable, industry-standard encryption.

AES-256 Server-Side Encryption

For logged-in users, your application data is stored in Google Cloud Firestore. Google encrypts all customer data at rest by default using the AES-256 algorithm.

Google Infrastructure Security
Automated Redundancy

AES-256 Client-Side Encryption

For guest users, we save drafts to your browser's local storage. We protect this data using Client-Side AES-256 encryption with ephemeral session keys.

Technical Note: The encryption key allows your storage to be unreadable to other scripts. For security, if you close your browser tab, the temporary key is discarded, rendering any leftover local data permanently inaccessible.

PCI-DSS Compliant Payments

We never see, touch, or store your credit card information. All payments are processed directly by Stripe, a PCI Service Provider Level 1.

Level 1 PCI Compliance
Tokenized Transactions

Zero Data Sales Policy

Our business model is simple: you pay us for a service. We never sell, rent, or share your personal data with third-party advertisers or data brokers. Your petition data belongs to you.

All data in transit is secured via TLS 1.2+ (HTTPS) encryption.