Legal
Security
Effective May 20, 2026
Infrastructure
Crescence runs on reputable cloud infrastructure providers that maintain SOC 2 Type II certification and encrypt data at rest (AES-256) and in transit (TLS 1.2+).
Each account's data is isolated: brand and office data cannot be accessed across tenants through our API. Privileged backend access is restricted to server-side environments and is never exposed to the browser.
Authentication
Identity and sessions are handled by our authentication provider. Passwords are hashed with bcrypt. Two-factor authentication (TOTP) is available and recommended for all accounts.
Session tokens expire after 24 hours of inactivity. Refresh tokens are rotated on each use. Magic links expire in 10 minutes and are single-use.
Payments
All payment processing is handled by Stripe, a PCI DSS Level 1 certified provider. Crescence never stores raw card numbers or bank account details. Payouts to brands are processed via Stripe Connect.
Data handling
User data is stored in a US-based managed database. Backups are taken daily and retained for 30 days. Data is encrypted at rest using AES-256.
Crescence does not sell personal data to third parties. Data is shared with sub-processors only as necessary to operate the platform. See our subprocessors list for the current set.
Access controls
Internal access to production data is restricted to the founding team. All access is authenticated, logged, and audited. We follow the principle of least privilege for all service accounts.
Vulnerability disclosure
We take security reports seriously and respond to all disclosures. If you discover a vulnerability, please email hellocrescence@gmail.com with a description of the issue and steps to reproduce. We will acknowledge your report within 24 hours and keep you updated on our response.
We ask that you do not publicly disclose the issue until we have had a reasonable opportunity to investigate and remediate. We do not take legal action against good-faith security researchers.
Responsible disclosure
Security reports can be sent to: hellocrescence@gmail.com.