Security
pgfence is built around a narrow trust boundary: local analysis first, cloud governance second. The analyzer runs on your files, not inside your database.
Data handling
- The CLI analyzes migration files locally.
- The design-partner cloud workflow is intended to use stats snapshots instead of production database credentials.
- We do not ask for passwords, tokens, or direct write access to your database just to analyze a migration.
Website trust
- This site serves its fonts locally from pgfence.com.
- The public website does not offer account creation, login, or authenticated workspace access today.
- If first-party funnel analytics are enabled, they are limited to pricing, cloud, and contact page views plus explicitly tagged CTA clicks, and the payload is limited to
event,site,page_path,page_title,referrer,utm_source,utm_medium,utm_campaign,utm_content,utm_term,cta_id,cta_location, andcta_destination. - The tracking layer respects browser Do Not Track and Global Privacy Control signals.
- The footer links to the privacy and terms pages so reviewers can inspect the current legal and product boundary quickly.
- The public website is intended to explain the product and design-partner program, not collect sensitive operational data by default.
Vulnerability disclosure
If you believe you found a security issue, please email contact@pgfence.com with a clear reproduction path and impact summary.
Enterprise review
If your team needs a security questionnaire, architecture review, or procurement packet for a design-partner evaluation, start at contact.