Data Encryption
- All data encrypted at rest using AES-256
- All data in transit protected by TLS 1.3
- Database backups encrypted separately
- API keys hashed using bcrypt before storage
Access Controls
- Role-based access control for all internal systems
- API keys scoped to specific operations
- All admin actions logged with full audit trail
- 2FA required for all PrimoDato team members on production systems
Infrastructure Security
- Hosted on AWS with VPC isolation
- Regular dependency scanning via Snyk
- Automated vulnerability scanning on CI/CD
- Databases are not publicly accessible and are reached only through private network paths
Compliance
- GDPR compliant with a DPA available for EU customers
- CCPA compliant for California users
- Only publicly available or legitimately sourced business data
- SOC 2 Type II audit in progress with expected completion in Q3 2025
Responsible data practices
PrimoDato only surfaces publicly available business information and professionally relevant contact data. We do not collect, store, or sell personal data of private individuals. All company data and professional contact information in our database is sourced from publicly available records, business directories, and legitimate data partnerships.
Report a security issue
If you've found a security vulnerability in PrimoDato, please report it responsibly to security@primodato.com. We aim to acknowledge reports within 24 hours and resolve confirmed vulnerabilities within 30 days.
We do not operate a bug bounty program at this stage, but we genuinely appreciate responsible disclosure and will credit researchers publicly with their consent.