Security Practices

How we protect your farm and ranch data

Our Commitment

We understand that your farm data — equipment inventories, insurance policies, property valuations, and declaration pages — is sensitive and valuable. The Farm Vault is built from the ground up with security as a foundational principle, not an afterthought.

Data Encryption

In Transit

All data transmitted between your device and our servers is encrypted using TLS 1.2+ (HTTPS). This includes every page load, API call, photo upload, and document transfer.

At Rest

Your uploaded photos, insurance documents, and declaration pages are stored using AES-256 encryption in cloud storage. Database records are encrypted at the storage layer.

Authentication & Access

  • Password Security — Passwords are never stored in plain text. We hash them using bcrypt with salt rounds; bcrypt is an industry-standard one-way password hashing algorithm.
  • Two-Factor Authentication (2FA) — Optional email-based verification codes add a second layer of protection. Even if your password is compromised, your account stays safe.
  • Rate Limiting — Login, signup, and contact form endpoints are rate-limited to prevent brute-force password guessing attacks.
  • Session Management — Secure JWT-based sessions with automatic expiration. Sessions cannot be forged or tampered with.

Data Isolation

Every API endpoint that accesses farm data enforces strict ownership verification. Users can only see and modify data for farms they own or have been explicitly invited to. There is no way for one user to access another user's assets, policies, or documents.

Payment Security

All payment processing is handled by Stripe, a PCI Level 1 certified payment processor. We never see, store, or have access to your credit card numbers or bank account details. We only store a Stripe customer ID to manage your subscription.

AI & Document Processing

When you use our AI photo analysis or Coverage Advisor features, your data is processed by the AI model and returned to you. Important safeguards:

  • Your documents and photos are not stored by the AI provider
  • Your data is not used for AI model training
  • AI processing occurs in real time and data is discarded after the response is generated

Incident Response Plan

In the unlikely event of a security incident, we follow a structured response process:

1. Detection & Containment

Immediately isolate affected systems and assess the scope of the incident.

2. Notification (Within 72 Hours)

Notify affected users within 72 hours as required by Oregon and Washington state law. The notification will include what happened, what data was involved, and steps being taken.

3. Investigation & Remediation

Conduct a thorough investigation, fix the vulnerability, and implement measures to prevent recurrence.

4. Post-Incident Review

Document lessons learned and update security practices accordingly. Provide affected users with a final incident report.

Regulatory Compliance

  • Oregon Consumer Privacy Act (OCPA) — We comply with Oregon's consumer privacy requirements, including rights to access, correct, and delete personal data.
  • Washington Privacy Act (WPA) — We honor the data rights of Washington state residents who use our platform.
  • California Consumer Privacy Act (CCPA) — California residents have additional rights as outlined in our Privacy Policy.
  • PCI-DSS — Payment data compliance is maintained through our partnership with Stripe (PCI Level 1).

Your Responsibilities

To keep your account secure, we recommend:

  • Use a strong, unique password for your Farm Vault account
  • Enable two-factor authentication in your security settings
  • Keep your email account secure (it's used for password recovery and 2FA)
  • Only share renewal links with trusted parties
  • Log out when using shared or public computers

Contact

To report a security concern or ask questions about our security practices:

Doc Home Improvements, LLC
Security Contact
Email: [email protected]