Security & privacy
Your clients' data, handled carefully.
Buklot stores real client information, so we build it to protect it. Here is exactly how, on every plan. No add-ons, no upsell.
- GDPR cookie consent ships on by default. Nothing tracks a visitor until they accept, and the choice can be changed or withdrawn any time from the footer.
- One-click export and delete-my-data flows for any client record, so you can honour data access and erasure requests.
- All payments run through Stripe Checkout. Card details are entered on Stripe, never on your site, so card data never touches our servers and PCI scope stays with Stripe.
- Your data lives in file-locked JSON, not a shared database, so there is no SQL surface to attack. Download an encrypted backup any time; your data is yours to keep.
- Everything is served over HTTPS, encrypted in transit. Admin passwords are hashed with PBKDF2 and never stored in plain text.
- Login and sensitive actions are rate-limited to slow down brute-force attempts, and an append-only audit log records administrative changes.
A security question or a data request?
Email hello@buklot.com and a person will reply.
hello@buklot.com