This Security Policy describes the measures Panorama Diesel, LLC ("Company," "We," "Us," or "Our") has implemented to safeguard the security and integrity of the StatCrowd service ("Service"). We recognize the importance of protecting Your data and maintaining Your trust. While We cannot disclose all details of Our security practices (to avoid aiding potential attackers), this Policy provides an overview of the safeguards We maintain.
Interpretation and Definitions
Interpretation
The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or plural.
Definitions
For the purposes of this Security Policy:
- Company refers to Panorama Diesel, LLC, 2020 Howell Mill Rd, NW, Suite D354, Atlanta, GA 30318.
- Service refers to the Website.
- Website refers to StatCrowd, accessible from https://statcrowd.com.
- You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
Data Center Security & Server Locations
- The Service operates on servers located in world-class data centers in the United States.
- Physical access to these facilities is restricted by 24/7 monitoring, biometric authentication, and other industry-standard protections.
- Distributed denial-of-service (DDoS) mitigation measures are in place at all data centers.
- While We maintain disaster recovery and continuity measures, We do not maintain a formal continuity plan for catastrophic, low-probability events such as nuclear incidents.
Protection from Data Loss and Corruption
- User accounts are logically segregated to prevent overlap or data corruption.
- The Service's infrastructure includes network firewalls, intrusion detection and prevention systems (IDS/IPS), and traffic monitoring controls.
- Account data is mirrored and backed up regularly to secure off-site locations.
Application-Level Security
- StatCrowd account passwords are hashed and cannot be viewed by Company personnel. Lost passwords must be reset.
- All login and application traffic is encrypted using TLS 1.2 or higher.
- Brute force protection is implemented on login endpoints.
- Regular external and internal penetration testing is conducted, covering infrastructure, application vulnerabilities, and simulated social engineering attacks.
- Identified vulnerabilities are remediated promptly. Test findings are confidential and not shared externally.
Internal IT Security
- Company offices are secured through keycard and biometric access.
- Office networks are segmented and centrally monitored.
- An internal security team continuously assesses vulnerabilities, conducts penetration testing, and runs social engineering drills.
Employee Security & Safeguards
- Employees receive ongoing training in security awareness, including identifying phishing and social engineering attempts.
- Personnel with access to customer data undergo background checks prior to employment.
- All employees and contractors are required to sign Non-Disclosure Agreements (NDAs) and complete training on the Company's Code of Conduct and security policies.
- The Company maintains comprehensive insurance coverage, which includes, but is not limited to, cyber liability, data privacy incidents, errors and omissions, and business interruption.
Safeguarding Your Account
While the Company maintains extensive safeguards, account security also depends on You.
- Accounts may be suspended automatically if suspicious login activity is detected.
- Automated monitoring and human review processes detect anomalous account behavior.
- Certain account changes, such as password resets, trigger email notifications to the account owner.
Privacy and Compliance
- The Company's privacy team works with product and engineering teams to ensure compliance with applicable data protection and anti-spam laws.
- We regularly review and update the terms and conditions that govern our relationship with You.
- The Company is committed to compliance with applicable data protection regulations and to providing tools that help customers meet their own compliance requirements.
Responsible Disclosure Program
The Company encourages responsible reporting of potential security vulnerabilities affecting the Service. This program is intended to improve security but does not constitute a public bug bounty, and no compensation is offered for submissions.
Disclosure Guidelines
Researchers must:
- Report vulnerabilities privately to the Company before any public disclosure.
- Allow the Company a reasonable time to remediate before sharing with third parties.
- Provide clear reproduction steps, proof-of-concept details, and affected system information.
Researchers must not:
- Cause harm to the Company, its customers, employees, or partners.
- Disrupt or attempt to disrupt the Service (including denial-of-service attacks).
- Engage in illegal activities or violate applicable laws.
- Access, copy, share, or delete StatCrowd customer data. If personally identifiable information (PII) is encountered, research must stop and the Company must be notified immediately.
- Conduct fraudulent transactions during testing.
Out-of-Scope Vulnerabilities
The following are excluded from scope under this program:
- Phishing attempts
- Social engineering attacks
- Physical security assessments
- Denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks
Contact
If You believe You have discovered a security vulnerability or have questions about this Policy, please contact Us at: