Security Practices

GuildPass Security Overview

GuildPass LLC is committed to protecting creator and member data. We follow industry-standard security practices across the entire platform.

1. Infrastructure Security

GuildPass uses secure cloud providers including:

• Render / AWS for hosting

• Neon for Postgres

• Encrypted storage

• Multi-zone redundancy

Access to production systems is restricted and logged.

2. Data Encryption

• All data is encrypted in transit using TLS 1.2+

• Sensitive information is encrypted at rest

• OAuth tokens are stored using restricted secure storage

We never store:

• passwords

• full Stripe tokens

• credit card numbers

3. Application Security

• Least-privilege role enforcement

• Rate limiting

• Webhook signature verification

• Strict API permissions

• Regular dependency updates

• Continuous logging and alerting

4. Discord & Stripe Integration Security

GuildPass uses:

• Discord OAuth2 (scoped tokens only)

• Stripe Connect (restricted keys)

• Role updates through the Discord API with limited bot permissions

5. Employee Access

GuildPass LLC is a single-member company. Access to production systems is limited to the founder only.

6. Data Retention

We retain:

• Discord IDs

• Stripe customer IDs

• Role assignments

• Audit logs (temporary)

We do not retain chat messages or personal content.

7. Vulnerability Handling

If you discover a vulnerability:

Email: security@guildpass.app

We typically respond within 48 hours.