Security & trust

Your data is protected. Your payment is yours.

We built TheTrafficApp to be the driver's advocate — which means being straight with you about your data and your money. Here's exactly how we protect both, in plain English.

🔒 Encrypted Never sold No junk fees Delete anytime

How we protect your information

Security by design

🔐 Encrypted everywhere

All traffic uses HTTPS/TLS. Sensitive fields like your driver's license number are encrypted at rest with AES-256 and only ever decrypted for you.

🔑 Passwords you control

Passwords are hashed with bcrypt — we can never see or recover your plaintext password. Reset links are single-use and expire in an hour.

💳 Payments handled by Stripe

Subscription payments run on Stripe (PCI-DSS Level 1). Your card number never touches our servers — we only store a reference ID.

🛡️ Locked-down infrastructure

Our database isn't exposed to the internet, sits behind a firewall, and is backed up nightly with an off-site copy. Login rate-limiting blocks brute-force attempts.

Our promises

What we'll never do

The incumbents make money from opaque fees and selling data. We don't — and we'll say so out loud.

✅ Never sell your data

Your plates, license, and violation history are yours. We don't sell or rent your personal data to anyone.

✅ Never charge you to pay a ticket

The fine is the fine. We link you straight to the official government site to pay it directly — no surcharge, no markup, no "convenience fee" from us.

✅ Never touch your payment

We don't collect or hold your fine payment. You pay the city on their official portal. That keeps you safe and keeps us honest.

✅ Never keep more than we need

We only store what's needed to monitor your plates and alert you. Delete your account and everything goes with it — in one click.

For the detail-minded (and our partners)

Standards & practices

The specifics behind the promises above — for privacy-conscious users, and for cities and partners reviewing us.

Data in transitHTTPS/TLS everywhere (site and API), via nginx + Let's Encrypt.
Data at restDriver's-license numbers encrypted with AES-256-GCM; keys held server-side, never in code or the repo.
Passwordsbcrypt hashing; plaintext never stored or recoverable.
SessionsSigned JWT (7-day expiry). Password resets are single-use, 1-hour, hashed tokens.
PaymentsStripe Checkout (PCI-DSS Level 1). Card data never reaches our servers.
Abuse protectionRate-limiting on auth endpoints; firewall + fail2ban; database not exposed to the internet.
BackupsNightly encrypted database backups with a separate off-site copy.
Consent & legal basisExplicit authorization captured at signup, with a DPPA permissible-use basis for the plates you add.
Data access scopeWe only access information a driver could look up themselves on public and self-service portals. We do not touch law-enforcement (CJIS) systems.
Your rightsView, update, or permanently delete your account and all associated data at any time from your dashboard.

On our roadmap: a formal third-party penetration test and a SOC 2 assessment as we grow. We publish what we do today honestly, and we'll update this page as we add to it. Questions? Email keya@thetrafficapp.app.

Ready when you are

Create a free account to save your plates and get alerted before late fees hit — or check a plate right now, no account needed.