Data Security
How we protect your information and our database
Last Updated: June 9, 2025
Our Commitment to Security
At Celebrity Companies, we take the security of your data and our database seriously. We implement comprehensive security measures to protect against unauthorized access, data breaches, and other security threats. Our security approach is built on industry best practices and is regularly reviewed and updated to address emerging threats.
User Data Protection
We collect only the minimum amount of personal information necessary to provide our services. All user data is protected with strong encryption and access controls.
Database Integrity
Our database of celebrity business information is secured with multiple layers of protection to ensure its accuracy and prevent unauthorized modifications.
Security Measures
End-to-End Encryption
All sensitive data is encrypted during transmission using industry-standard TLS 1.3 protocols with AES-256 encryption. Data at rest is encrypted using AES-256-GCM encryption with regularly rotated keys managed through secure key management systems.
Secure Database Storage
We use Supabase with PostgreSQL for our database, which employs robust security measures including row-level security policies, encrypted storage, connection pooling with SSL, and regular automated security patches and updates.
Regular Security Audits
Our systems undergo quarterly security audits and annual penetration testing by independent security experts. We also conduct monthly vulnerability assessments and maintain a continuous security monitoring program.
Access Controls & Authentication
Strict access controls ensure that only authorized personnel can access sensitive information. We implement multi-factor authentication (MFA), role-based access control (RBAC), and follow the principle of least privilege with regular access reviews.
Data Backup and Recovery
We maintain automated daily backups with point-in-time recovery capabilities. Backups are encrypted, geographically distributed, and tested monthly. For critical systems, our Recovery Time Objective (RTO) is 4 hours and our Recovery Point Objective (RPO) is 1 hour.
Compliance with Standards
Our security practices comply with industry standards including ISO 27001, SOC 2 Type II, and regulations such as GDPR, CCPA, and other relevant data protection laws. We maintain continuous compliance monitoring.
Network Security
Our infrastructure includes firewalls, intrusion detection systems (IDS), DDoS protection, and network segmentation. All network traffic is monitored 24/7 with automated threat detection and response capabilities.
Incident Response
We have a comprehensive incident response plan with 24/7 monitoring, automated alerting, and a dedicated security team. All security incidents are logged, investigated, and reported according to regulatory requirements.
Security Certifications & Compliance
We maintain industry-standard certifications and comply with international security frameworks:
ISO 27001
Information Security Management System certification ensuring a systematic approach to managing sensitive information.
SOC 2 Type II
Annual audit of our security, availability, and confidentiality controls by independent auditors.
GDPR Compliance
Full compliance with European data protection regulations including data minimization and privacy by design.
CCPA Compliance
California Consumer Privacy Act compliance ensuring transparency and control over personal information.
Incident Response & Recovery
We have established comprehensive procedures for security incident response and business continuity:
Detection & Response
24/7 security monitoring with automated threat detection, immediate alerting, and rapid response team activation. Average response time: 15 minutes for critical incidents.
Business Continuity
Disaster recovery plans with RTO (Recovery Time Objective) of 4 hours and RPO (Recovery Point Objective) of 1 hour. Regular testing ensures rapid service restoration.
Communication & Transparency
Clear communication protocols for security incidents, including user notification, regulatory reporting, and public disclosure when required by law.
Reporting Security Issues
We take security vulnerabilities seriously and encourage responsible disclosure. If you believe you've found a security issue on our platform, please report it to us immediately. We appreciate your help in keeping our platform secure.
Security Vulnerability Reporting
Please email our security team with details of the vulnerability. Include steps to reproduce the issue and any other relevant information that would help us understand and address the problem. We follow responsible disclosure practices and will acknowledge receipt within 24 hours.
Response Time: We acknowledge security reports within 24 hours and provide updates every 72 hours until resolution.