Data Protection

• All connections to PedigreeForge use TLS 1.2 or higher. Every page, API call, and file upload is encrypted between your browser and our servers. There is no unencrypted HTTP access.
• Database connections are encrypted with TLS and require certificate verification. Data never travels between our application and database servers in plain text.
• File uploads (animal photos, certificates, documents) are transferred directly to encrypted cloud storage via signed URLs. Files are never routed through our application servers.

• Your database is stored on infrastructure that encrypts all data at rest using AES-256 encryption. This is applied automatically at the storage layer — individual records do not need to be encrypted by the application.
• Uploaded files (photos, certificates, documents) are stored in encrypted cloud object storage.
• Database backups are independently encrypted before being stored offsite. Even if the backup storage were compromised, the data would be unreadable without the encryption key.

We maintain multiple independent backup layers so that no single failure can result in data loss. Your registry data is protected by:

• Continuous point-in-time recovery. Our database infrastructure captures every change as it happens. We can restore your data to any point in time within our retention window — not just the last nightly backup, but to the exact second before an issue occurred.
• Pre-deployment snapshots. Before every software update, an automatic snapshot of the database is taken. If an update causes any issue, we can restore to the pre-update state in minutes.
• Encrypted offsite backups. Regular full database backups are encrypted and stored in a geographically separate location from the primary database. This protects against the unlikely event of a complete infrastructure provider failure.
• Verified backups. Every backup is automatically tested to confirm it can be successfully restored. We do not discover backup problems during a crisis — we catch them before they matter.
• Regular restore drills. We periodically perform full restore exercises to verify our recovery procedures work end-to-end, and we document the results.

• Multi-availability-zone storage. Your database is stored across multiple independent data centres within a region. If one data centre experiences an outage, your data remains available from another.
• Globally distributed content delivery. Public registry pages, animal profiles, and static assets are served from a network of over 300 edge locations worldwide. This means fast page loads wherever you are — whether you're at a show in Sydney, a sale in Texas, or a committee meeting in London.
• Automated health monitoring. Our systems continuously monitor database health, application responsiveness, and backup integrity. If an issue is detected, our team is alerted immediately.
• Automatic scaling. During high-traffic periods — show entry deadlines, registration rushes, AGM season — the platform automatically scales to handle the load. You will never be told to “try again later” because the server is busy.

• Authentication. User accounts are managed by a dedicated, enterprise-grade authentication provider. Passwords are never stored by PedigreeForge — they are hashed and managed by the auth provider with support for multi-factor authentication, social login, and magic links.
• Authorisation. Every API request verifies not just that you are logged in, but that you have permission to access the specific resource you are requesting. A breeder cannot access another breeder's private records. A member cannot perform admin actions. These checks are enforced server-side — they cannot be bypassed by modifying the browser.
• Audit trail. Every significant action — registration approvals, ownership transfers, record changes, role assignments — is logged with the actor, timestamp, and details of the change. This trail is available to society admins and registrars for governance and dispute resolution.
• Security headers. The application enforces Content Security Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, and Permissions-Policy headers to protect against cross-site scripting, clickjacking, and other browser-level attacks.
• Rate limiting. Authentication endpoints and sensitive operations are protected by rate limiting to prevent brute-force attacks and abuse.
• Webhook verification. All incoming webhooks from third-party services (payment provider, auth provider) are cryptographically verified before processing. Forged or replayed webhooks are rejected.

• All payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor. PedigreeForge never sees, stores, or processes your credit card number.
• Society dues collection uses Stripe Connect — your society is the merchant of record, and member payment details are handled entirely by Stripe.

• Data export. You can export your animal records, member lists, and audit logs as CSV files at any time. Your data is not locked in — you can take it with you.
• Data retention after cancellation. If you cancel your subscription, your data is preserved in read-only mode. You retain access to download and export your records. We do not delete your data as leverage to prevent cancellation.
• Right to deletion. You may request full deletion of your personal data and account at any time, subject to any legal retention obligations. See our Privacy Policy for details.