Security

Last updated: April 24, 2026

Our approach

My Pep Calc takes the security of your data seriously. We apply industry-standard controls throughout the stack and review them regularly.

  • Encryption in transit. All traffic between your browser and our servers uses TLS 1.2+.
  • Encryption at rest. Data stored in our backend (Convex) is encrypted at rest by the provider.
  • Authentication. Account access is managed by Clerk with support for passwordless (magic link) and OAuth login. Multi-factor authentication is available and recommended.
  • Least-privilege access. Internal team members only have access to the systems they need to do their jobs. Admin access requires MFA.
  • Dependency management. We run automated dependency scanning (Dependabot) and apply security patches promptly.
  • Error monitoring. Sentry captures errors and anomalous behavior in real time.
  • Payments. We do not store card numbers. All payment processing is handled by Stripe, which is PCI-DSS Level 1 compliant.

Responsible disclosure

If you believe you've found a security vulnerability in My Pep Calc, please report it to us before publicly disclosing it. We ask for a reasonable amount of time to investigate and remediate before any public disclosure.

How to report: Email security@mypepcalc.com (or hello@mypepcalc.com if the security address is not yet active) with:

  • A description of the vulnerability
  • Steps to reproduce
  • The potential impact
  • Any suggested remediation (optional)

We will acknowledge receipt within 2 business days and keep you updated on our progress. We do not currently operate a bug bounty program, but we sincerely appreciate responsible disclosures.

Scope

In scope for responsible disclosure:

  • mypepcalc.com and subdomains
  • The My Pep Calc web application
  • API endpoints served from mypepcalc.com

Out of scope:

  • Vulnerabilities in third-party services (Clerk, Stripe, Convex, Vercel)
  • Social engineering or phishing attacks
  • Denial-of-service attacks
  • Reports with no clear security impact

Breach notification

If we discover a breach that is reasonably likely to affect your personal data, we will notify you as required by applicable law, and in any case within a reasonable timeframe.

Contact

Gromby LLC, dba My Pep Calc
Security: security@mypepcalc.com
General: hello@mypepcalc.com