🔐 Encrypted everywhere
All traffic uses HTTPS/TLS. Sensitive fields like your driver's license number are encrypted at rest with AES-256 and only ever decrypted for you.
We built TheTrafficApp to be the driver's advocate — which means being straight with you about your data and your money. Here's exactly how we protect both, in plain English.
How we protect your information
All traffic uses HTTPS/TLS. Sensitive fields like your driver's license number are encrypted at rest with AES-256 and only ever decrypted for you.
Passwords are hashed with bcrypt — we can never see or recover your plaintext password. Reset links are single-use and expire in an hour.
Subscription payments run on Stripe (PCI-DSS Level 1). Your card number never touches our servers — we only store a reference ID.
Our database isn't exposed to the internet, sits behind a firewall, and is backed up nightly with an off-site copy. Login rate-limiting blocks brute-force attempts.
Our promises
The incumbents make money from opaque fees and selling data. We don't — and we'll say so out loud.
Your plates, license, and violation history are yours. We don't sell or rent your personal data to anyone.
The fine is the fine. We link you straight to the official government site to pay it directly — no surcharge, no markup, no "convenience fee" from us.
We don't collect or hold your fine payment. You pay the city on their official portal. That keeps you safe and keeps us honest.
We only store what's needed to monitor your plates and alert you. Delete your account and everything goes with it — in one click.
For the detail-minded (and our partners)
The specifics behind the promises above — for privacy-conscious users, and for cities and partners reviewing us.
| Data in transit | HTTPS/TLS everywhere (site and API), via nginx + Let's Encrypt. |
| Data at rest | Driver's-license numbers encrypted with AES-256-GCM; keys held server-side, never in code or the repo. |
| Passwords | bcrypt hashing; plaintext never stored or recoverable. |
| Sessions | Signed JWT (7-day expiry). Password resets are single-use, 1-hour, hashed tokens. |
| Payments | Stripe Checkout (PCI-DSS Level 1). Card data never reaches our servers. |
| Abuse protection | Rate-limiting on auth endpoints; firewall + fail2ban; database not exposed to the internet. |
| Backups | Nightly encrypted database backups with a separate off-site copy. |
| Consent & legal basis | Explicit authorization captured at signup, with a DPPA permissible-use basis for the plates you add. |
| Data access scope | We only access information a driver could look up themselves on public and self-service portals. We do not touch law-enforcement (CJIS) systems. |
| Your rights | View, update, or permanently delete your account and all associated data at any time from your dashboard. |
On our roadmap: a formal third-party penetration test and a SOC 2 assessment as we grow. We publish what we do today honestly, and we'll update this page as we add to it. Questions? Email keya@thetrafficapp.app.
Create a free account to save your plates and get alerted before late fees hit — or check a plate right now, no account needed.