Security | NewSUV.net

Our Security Philosophy

NewSUV.net is built on a foundation of privacy-by-design and security-first principles. We collect minimal data, encrypt everything in transit, and never store your personal vehicle choices or financial details.

Security Measures

HTTPS Encryption

All data transmission uses TLS 1.3 encryption. Your calculations are encrypted from your browser to our servers.

No Personal Data Storage

Your vehicle choices and financial figures are processed locally in your browser and never saved to our servers.

Secure Infrastructure

Hosted on Vercel's enterprise-grade infrastructure with automatic security updates and DDoS protection.

Input Sanitization

All user inputs are validated and sanitized to prevent SQL injection, XSS attacks, and other security vulnerabilities.

Rate Limiting

Maximum 60 calculations per IP per hour to prevent abuse and ensure service availability for all users.

Error Monitoring

Real-time error tracking and security monitoring to detect and respond to potential threats immediately.

What Data We Process

Calculator Inputs (Not Stored)

These are processed in real-time but never saved:

Vehicle prices and financial figures
Province selection and postal code (for tax calculations only)
Loan terms, interest rates, and payment preferences

Important: These inputs are processed locally in your browser. They are only sent to our servers for tax rate lookups and are immediately discarded after calculation.

Anonymous Analytics (Aggregate Only)

We collect anonymous usage patterns:

Which calculators are used most frequently
Device type and browser (for optimization)
General geographic region (province level only)
Time spent on calculators

This data is aggregated and anonymized. We cannot identify individual users or their specific calculations.

Cookie Policy

We use minimal, essential cookies only:

Session Management

Temporary cookie to maintain your session. Expires after 24 hours.

User Preferences

Stores your dark mode preference and last-selected province. Never expires.

Analytics (Anonymous)

Google Analytics with IP anonymization. Used for aggregate usage statistics only.

We do NOT use: Tracking pixels, advertising cookies, or third-party marketing cookies.

Canadian Privacy Compliance

NewSUV.net complies with all Canadian privacy legislation:

PIPEDA: Personal Information Protection and Electronic Documents Act - We collect minimal personal information and protect what we do collect
CASL: Canadian Anti-Spam Legislation - We never send unsolicited emails and require explicit opt-in for any communications
Provincial Privacy Laws: We comply with additional provincial requirements where applicable (BC PIPA, Alberta PIPA, Quebec Law 25)

Accessibility & Security

Our WCAG 2.1 AA accessibility compliance includes security features:

Clear focus indicators prevent phishing attacks
Screen reader support ensures all users can verify security indicators
Keyboard navigation allows secure browsing without mouse
High contrast mode makes security warnings clearly visible

Security Incident Response

In the unlikely event of a security incident:

We will investigate and contain the incident within 1 hour
Affected users will be notified within 24 hours
We will provide clear guidance on any required actions
A full incident report will be published within 72 hours
We will implement additional safeguards to prevent recurrence

Third-Party Security

We carefully vet all third-party services:

Vercel (Hosting): SOC 2 Type II certified, GDPR compliant
Google Analytics: IP anonymization enabled, minimal data collection
Data APIs: All connections use HTTPS, API keys rotated quarterly

Report Security Issues

If you discover a security vulnerability, please report it responsibly:

Security Team

Email: security@newsuv.net

We take all security reports seriously and will respond within 24 hours. We appreciate responsible disclosure and will credit researchers who help us improve our security.

Questions About Security

If you have questions about our security practices or data protection measures, contact: security@newsuv.net

Our Security Philosophy

Security Measures

HTTPS Encryption

All data transmission uses TLS 1.3 encryption. Your calculations are encrypted from your browser to our servers.

No Personal Data Storage

Your vehicle choices and financial figures are processed locally in your browser and never saved to our servers.

Secure Infrastructure

Hosted on Vercel's enterprise-grade infrastructure with automatic security updates and DDoS protection.

Input Sanitization

All user inputs are validated and sanitized to prevent SQL injection, XSS attacks, and other security vulnerabilities.

Rate Limiting

Maximum 60 calculations per IP per hour to prevent abuse and ensure service availability for all users.

Error Monitoring

Real-time error tracking and security monitoring to detect and respond to potential threats immediately.

What Data We Process

Calculator Inputs (Not Stored)

These are processed in real-time but never saved:

Vehicle prices and financial figures
Province selection and postal code (for tax calculations only)
Loan terms, interest rates, and payment preferences

Important: These inputs are processed locally in your browser. They are only sent to our servers for tax rate lookups and are immediately discarded after calculation.

Anonymous Analytics (Aggregate Only)

We collect anonymous usage patterns:

Which calculators are used most frequently
Device type and browser (for optimization)
General geographic region (province level only)
Time spent on calculators

This data is aggregated and anonymized. We cannot identify individual users or their specific calculations.

Cookie Policy

We use minimal, essential cookies only:

Session Management

Temporary cookie to maintain your session. Expires after 24 hours.

User Preferences

Stores your dark mode preference and last-selected province. Never expires.

Analytics (Anonymous)

Google Analytics with IP anonymization. Used for aggregate usage statistics only.

We do NOT use: Tracking pixels, advertising cookies, or third-party marketing cookies.

Canadian Privacy Compliance

NewSUV.net complies with all Canadian privacy legislation:

PIPEDA: Personal Information Protection and Electronic Documents Act - We collect minimal personal information and protect what we do collect
CASL: Canadian Anti-Spam Legislation - We never send unsolicited emails and require explicit opt-in for any communications
Provincial Privacy Laws: We comply with additional provincial requirements where applicable (BC PIPA, Alberta PIPA, Quebec Law 25)

Accessibility & Security

Our WCAG 2.1 AA accessibility compliance includes security features:

Clear focus indicators prevent phishing attacks
Screen reader support ensures all users can verify security indicators
Keyboard navigation allows secure browsing without mouse
High contrast mode makes security warnings clearly visible

Security Incident Response

In the unlikely event of a security incident:

We will investigate and contain the incident within 1 hour
Affected users will be notified within 24 hours
We will provide clear guidance on any required actions
A full incident report will be published within 72 hours
We will implement additional safeguards to prevent recurrence

Third-Party Security

We carefully vet all third-party services:

Vercel (Hosting): SOC 2 Type II certified, GDPR compliant
Google Analytics: IP anonymization enabled, minimal data collection
Data APIs: All connections use HTTPS, API keys rotated quarterly

Report Security Issues

If you discover a security vulnerability, please report it responsibly:

Security Team

Email: security@newsuv.net

We take all security reports seriously and will respond within 24 hours. We appreciate responsible disclosure and will credit researchers who help us improve our security.

Questions About Security

If you have questions about our security practices or data protection measures, contact: security@newsuv.net

Security & Data Protection

Our Security Philosophy

Security Measures

HTTPS Encryption

No Personal Data Storage

Secure Infrastructure

Input Sanitization

Rate Limiting

Error Monitoring

What Data We Process

Calculator Inputs (Not Stored)

Anonymous Analytics (Aggregate Only)

Cookie Policy

Canadian Privacy Compliance

Accessibility & Security

Security Incident Response

Third-Party Security

Report Security Issues

Questions About Security

Security & Data Protection

Our Security Philosophy

Security Measures

HTTPS Encryption

No Personal Data Storage

Secure Infrastructure

Input Sanitization

Rate Limiting

Error Monitoring

What Data We Process

Calculator Inputs (Not Stored)

Anonymous Analytics (Aggregate Only)

Cookie Policy

Canadian Privacy Compliance

Accessibility & Security

Security Incident Response

Third-Party Security

Report Security Issues

Questions About Security