Security Policy

Effective Date: September 1, 2025
Last Updated: September 1, 2025
Version 1.0

Last Updated: January 2025

Our Security Commitment

At WhyTheHighBill.com, we take the security of your data seriously. This policy outlines our security practices and your role in keeping your account secure.

Security Measures We Implement

Data Encryption

  • In Transit: All data transmitted uses TLS 1.3 encryption
  • At Rest: Database encryption using AES-256
  • Passwords: Bcrypt hashing with salt

Infrastructure Security

  • Cloud infrastructure with SOC 2 compliance
  • Regular security patches and updates
  • Web Application Firewall (WAF)
  • DDoS protection
  • Regular backups with encryption

Access Controls

  • Multi-factor authentication for staff
  • Role-based access control
  • Audit logs for all data access
  • Principle of least privilege
  • Regular access reviews

Application Security

  • Input validation and sanitization
  • Protection against OWASP Top 10
  • Regular security testing
  • Secure development practices
  • Code reviews

Your Security Responsibilities

Password Security

  • Use a strong, unique password
  • Enable two-factor authentication (when available)
  • Don't share your password
  • Change password if compromised

Account Security

  • Keep your email secure
  • Log out from shared devices
  • Monitor account activity
  • Report suspicious activity immediately

Data Upload Security

  • Only upload your own bills
  • Verify URLs before clicking
  • Don't upload sensitive documents unrelated to utilities

Reporting Security Issues

If you discover a security vulnerability:

  1. DO NOT post it publicly
  2. Email us at: security@whythehighbill.com
  3. Include:
    • Description of the issue
    • Steps to reproduce
    • Potential impact
    • Your contact information

Our Response

  • Acknowledgment within 24 hours
  • Investigation and validation
  • Fix development and testing
  • Notification of resolution

Incident Response

In case of a security incident:

  1. Immediate containment
  2. Investigation and assessment
  3. User notification (if required)
  4. Remediation
  5. Post-incident review

Compliance

We comply with:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Industry security standards
  • PCI DSS (for payment processing)

Security Updates

We regularly update our security measures. Major changes will be communicated via:

  • Email notifications
  • Website announcements
  • Updated documentation

Contact

For security concerns:

Security Team: security@whythehighbill.com
General Privacy: privacy@whythehighbill.com

Your security is our priority. Thank you for trusting WhyTheHighBill.com with your data.