Our Security Practices

Protecting your data is a primary concern here at Validately. We keep your communications secure using industry-standard HTTPS, with 256-bit encryption on every request. This means you can be confident that every request passes from your computer to our servers without any 3rd party tampering. Aside from information that you explicitly choose to send out, your data can only be accessed using the secure login and password you use to sign up, and those created by the teammates you invite. Your data will be protected and completely hidden from your competitors and any other 3rd parties


We use many industry-standard best practices to prevent hacking, like irreversible passwords, prepared statements to avoid SQL injection, and filtered output and CSRF tokens to avoid cross-site style attacks. No sensitive data is stored in cookies or passed in URLs. Any teammates must authenticate with a secure login and password in order to view your sensitive data, and users can only view data for the products in which they've been explicitly granted access by the account owner.

To protect credit card information, we use Stripe to keep all sensitive information out of our system and offload PCI security concerns. See Stripe's security documentation.

Reporting a Security Concern

Validately takes security and security researchers very seriously. If you have any security concerns or believe that you've detected a security vulnerability, please contact us immediately at and we will respond within 24 hours.

Our security team makes the following commitments:

  1. We will respond to your requests or reports in a timely fashion, usually within 24 hours.
  2. We will provide an estimated schedule within which to address your concerns.
  3. We will notify you when your concern has been addressed.

Investigation of Validately's security must follow these guidelines:


  1. Do create your own account(s) for testing purposes. Contact us at if you have any questions or need assistance.
  2. Do share the full details of your investigation and results with our team privately at and give us time to respond.


  1. Do not attempt to access or damage data that does not belong to you.
  2. Do not report a vulnerability publicly without having given our security team a chance to address your concerns.
  3. Do not ask for compensation for reporting a vulnerability.
  4. Do not attempt to cause a denial of service (DoS or DDoS).