Meta tags:
description= CostLoop security overview: Cloudflare infrastructure, SSL/TLS encryption, GDPR compliance, no bank connections, and transparent subprocessor list.;
Headings (most frequently used words):
security, overview, infrastructure, hosting, data, privacy, practices, compliance, regulations, independent, verification, subprocessors, responsible, disclosure, contact,
Text of the page (most frequently used words):
costloop (25), and (24), #security (23), policy (16), data (12), the (11), app (8), addressed (8), all (7), privacy (6), contact (6), for (6), with (5), our (5), stripe (5), headers (5), ssl (5), payment (5), alternatives (4), hello (4), you (4), not (4), supabase (4), malware (4), http (4), status (4), verify (4), user (4), subscription (3), about (3), blog (3), pricing (3), features (3), medium (3), requests (3), within (3), disclosure (3), subprocessors (3), hosted (3), google (3), safe (3), browsing (3), tls (3), independently (3), following (3), account (3), gdpr (3), practices (3), does (3), marketing (3), are (3), stored (3), never (3), via (3), origin (3), https (3), cloudflare (3), home (3), dpa (2), terms (2), norway (2), processing (2), tracker (2), browse (2), category (2), compare (2), press (2), help (2), product (2), subscriptions (2), recurring (2), small (2), businesses (2), freelancers (2), questions (2), enterprise (2), business (2), operate (2), this (2), database (2), web (2), hosting (2), providers (2), third (2), service (2), list (2), including (2), available (2), page (2), run (2), scan (2), independent (2), inspect (2), check (2), phishing (2), flags (2), test (2), labs (2), can (2), european (2), union (2), across (2), users (2), documentation (2), overview (2), regulations (2), trackers (2), only (2), analytics (2), consent (2), type (2), handled (2), card (2), bank (2), banking (2), credentials (2), financial (2), content (2), cross (2), protection (2), strict (2), options (2), pages (2), infrastructure (2), get (2), started (2), free (2), sign (2), customer (2), stories (2), cookies, 2026, antevski, enk, org, 934, 334, 507, oslo, cookie, refund, agreement, conditions, legal, best, cledara, expensify, spreadsheets, faq, center, chrome, extension, integrations, scandinavian, quality, made, love, peerlist, twitter, hunt, dev, linkedin, track, licenses, renewals, software, costs, built, related, whitelisting, reviews, respond, day, also, documented, well, known, txt, discover, vulnerability, please, report, responsibly, emailing, subject, line, will, acknowledge, receipt, days, work, resolve, confirmed, issues, promptly, bug, bounty, programme, time, responsible, current, payments, auth, transactional, email, non, under, standard, contractual, clauses, sccs, vercel, resend, uses, minimal, set, party, deliver, full, purpose, processed, transfer, mechanisms, each, provider, sucuri, sitecheck, certificate, grade, using, tools, required, verification, dpdp, india, pdpa, thailand, singapore, pipa, south, korea, appi, japan, pipl, china, fadp, switzerland, united, kingdom, regulation, region, designed, support, aligned, applies, safeguards, maintain, subprocessor, that, addresses, compliance, sell, parties, use, advertising, build, profiles, purposes, tool, used, mode, collected, without, explicit, tracking, selling, records, soc, compliant, encrypts, rest, transit, passwords, hashed, plain, text, authentication, billing, entirely, inc, pci, dss, level, certified, processor, sees, stores, processes, raw, numbers, com, docs, connects, your, integrates, open, apis, add, manually, sensitive, servers, connections, has, unsafe, clean, sets, responses, camera, microphone, geolocation, disabled, opener, xss, permissions, referrer, when, frame, deny, nosniff, traffic, served, exclusively, over, automatically, redirected, transport, hsts, enabled, configuration, encrypted, enforced, website, deployed, one, world, largest, most, trusted, cdn, platforms, provides, ddos, application, firewall, waf, automatic, edge, caching, 300, global, centres, cost, summarises, measures, place, have, additional, reference, document, administrators, teams, buyers, evaluating, company, changelog, top, explore,
Text of the page (random words):
security costloop costloop home features pricing blog explore compare all alternatives top trackers changelog browse by category company about contact customer stories press sign in get started free home features pricing blog alternatives about contact customer stories sign in get started free home security security overview a reference document for it administrators security teams and enterprise buyers evaluating costloop costloop is a subscription and recurring cost tracker for small and medium businesses and freelancers this page summarises the security measures infrastructure and data practices in place if you have additional questions contact us at hello costloop app infrastructure hosting hosted on cloudflare pages the costloop marketing website is deployed via cloudflare pages one of the world s largest and most trusted cdn and security platforms cloudflare provides ddos protection web application firewall waf and automatic edge caching across 300 global data centres ssl tls encrypted https enforced all traffic to costloop app and app costloop app is served exclusively over https with tls 1 2 1 3 http requests are automatically redirected to https http strict transport security hsts is enabled you can verify our ssl configuration independently via ssl labs ️ security headers costloop sets the following http security headers on all responses x content type options nosniff x frame options deny referrer policy strict origin when cross origin permissions policy camera microphone geolocation and payment all disabled x xss protection and cross origin opener policy clean malware safe browsing status costloop app has no malware phishing or unsafe content flags verify independently google safe browsing data privacy practices no bank connections or financial credentials costloop never connects to your bank account requests banking credentials or integrates with open banking apis users add subscriptions manually no sensitive financial data is stored on costloop servers payment card data handled by stripe only billing and payment processing is handled entirely by stripe inc a pci dss level 1 certified payment processor costloop never sees stores or processes raw payment card numbers stripe s security documentation is available at stripe com docs security ️ database authentication via supabase eu user account data and subscription records are stored in supabase hosted within the european union supabase is soc 2 type ii compliant and encrypts data at rest and in transit passwords are hashed and never stored in plain text no marketing tracking or data selling costloop does not sell user data to third parties does not use advertising trackers and does not build user profiles for marketing purposes the only analytics tool used is google analytics with consent mode v2 no data is collected without explicit user consent compliance regulations costloop is designed to support gdpr aligned privacy practices and applies privacy safeguards across all users we maintain documentation including a dpa subprocessor list privacy policy and security overview that addresses the following regulations region regulation status european union gdpr addressed in policy united kingdom uk gdpr addressed in policy switzerland fadp addressed in policy china pipl addressed in policy japan appi addressed in policy south korea pipa addressed in policy thailand singapore pdpa addressed in policy india dpdp addressed in policy independent verification you can verify costloop s security status independently using the following tools no account required ssl labs test check our tls ssl certificate grade run test ️ google safe browsing verify no malware or phishing flags check status security headers inspect our http security headers inspect headers sucuri sitecheck independent malware scan run scan subprocessors costloop uses a minimal set of third party service providers to deliver the service a full list including the purpose data processed and transfer mechanisms for each provider is available on our subprocessors page current subprocessors stripe payments supabase database auth eu hosted resend transactional email vercel web hosting all non eu providers operate under standard contractual clauses sccs responsible disclosure if you discover a security vulnerability in costloop please report it responsibly by emailing hello costloop app with the subject line security disclosure we will acknowledge receipt within 2 business days and work to resolve confirmed issues promptly we do not operate a bug bounty programme at this time our security disclosure policy is also documented at well known security txt contact for security related questions it whitelisting requests or enterprise security reviews contact us at hello costloop app we respond within 1 business day costloop track subscriptions licenses renewals and recurring software costs built for small and medium businesses and freelancers hello costloop app linkedin medium dev to product hunt x twitter peerlist scandinavian quality made in norway with love product features pricing integrations blog chrome extension help contact us about help center faq security press compare browse by category costloop vs spreadsheets costloop vs expensify cledara alternatives best subscription tracker all alternatives legal privacy policy terms conditions data processing agreement refund policy cookie policy security 2026 costloop antevski enk org no 934 334 507 oslo norway privacy terms dpa cookies
|