Security practices
You are trusting us with credit data. Here is exactly how that trust is engineered, not just promised.
Encryption everywhere
All traffic uses TLS 1.2+, and data is encrypted at rest in our database. Credit report payloads are stored encrypted and access-restricted.
No passwords to steal
Sign-in runs through Google and Apple. We never store a password for your account, which removes the most common breach target entirely.
Your SSN is never sold
Sensitive identifiers are used only to fulfill the credit check you request. They are never sold, rented, or shared for marketing.
Consent before every pull
A timestamped FCRA consent record is written to an audit table before any request reaches Equifax — enforced in code, not policy.
Strict separation of systems
The public website never touches credit bureaus directly. Only our hardened backend service communicates with Equifax and lending partners, from a fixed, allowlisted network address.
Audit trails and retention
Credit pulls, consents, and offer events are logged immutably and retained per FCRA requirements, so every access to your data is accountable.
Found a vulnerability? Report it responsibly via our contact page — security reports are triaged ahead of everything else.