Security & Data Protection.
BreakersDNA is a transparency platform: break results are public by design, and your business data is private by design. Here is exactly how we protect it — no marketing gloss.
Encryption
- •Encrypted in transit — all traffic is served over TLS
- •Encrypted at rest — databases and file storage use AES-256 encryption
- •Credentials stored as hashes — passwords, API keys, and tokens are never stored in plaintext
- •Signed, expiring upload URLs — media uploads use short-lived presigned URLs, not open buckets
Access Control
- •Workspace isolation enforced at the database — hundreds of row-level security policies scope every private record to the company that owns it
- •Your manifests, inventory, and costs stay yours — no other company can see them; cost basis is never exposed on any public page
- •Permission-bound roles — scanner, operator, company-admin, and platform roles each see only what their job requires
- •Rate limiting on sensitive endpoints like login, password reset, and contact forms
Audit & Monitoring
- •Audit logs — security-relevant actions are recorded with who, what, when, IP, and outcome
- •Administrative actions are audited — manual price overrides and privacy changes leave a trail
- •Continuous error monitoring — with credentials and sensitive parameters filtered before anything leaves our systems
Public by Design, Private by Design
Transparency is the product. Break results, receipts, channel pages, and directory listings are public so buyers can verify what happened. Privacy controls cover the rest:
- •Public — completed break pages, per-spot receipts (sale price, card, platform username), and channel history
- •Never public — emails, passwords, shipping addresses, cost basis, and margins
- •Opt-outs — buyers can hide their public history or profile; companies can opt out of the breaker directory
Privacy Commitments
- •Your data is never sold
- •No sharing for third-party advertising — data goes only to the service providers that run the platform (hosting, email delivery, AI card identification, error monitoring)
- •AI is for card identification— card images and card text go to recognition providers to identify cards; we don't use your personal information to train AI models of our own
- •No payments, ever — we never collect or process payment information; purchases happen on the platforms you already use
The full details — every category of data, every processor, every opt-out — are in our Privacy Policy.