Get TransitFare

You are in:  

TransitFare Security

We are Serious about Security.

Updated: February 6, 2026

At TransitFare, security is a core pillar of our product development and operations. We understand that whether you are a transit rider or a transit agency, you rely on us to protect your information. We are committed to implementing robust technical and organizational measures designed to safeguard the confidentiality, integrity, and availability of your data.

NOTE TO COMMERCIAL CUSTOMERS: This Security Statement outlines our general security practices for our public-facing products. If you are a municipality or transit agency with a separate Master Services Agreement (MSA), the specific security obligations, SLAs, and data protection requirements in that MSA shall prevail over this statement.

Security Measures

Application Security

We implement proactive defenses within our software to help protect against external threats. Our focus includes secure coding practices, robust authentication, and comprehensive data validation.

  • Development Practices: We adhere to secure coding guidelines aligned with industry standards (such as OWASP) to mitigate common vulnerabilities like SQL injection and Cross-Site Scripting (XSS).
  • Authentication and Authorization: We enforce strict user roles and access controls to ensure users only access data necessary for their function.
  • Secure APIs: Our APIs are secured using industry-standard encryption protocols (e.g., TLS) to protect data in transit.
  • Regular Testing: We conduct regular security assessments and code reviews to identify and address potential vulnerabilities.

Data Security

We employ encryption, access control, and monitoring to maintain the integrity of our databases.

  • Encryption: We encrypt sensitive data at rest and in transit using strong encryption standards.
  • Access Controls: Access to production databases is restricted to authorized personnel based on the principle of least privilege.
  • Backups: Databases are regularly backed up to safeguard data integrity and availability.
  • Monitoring: We monitor database activity to detect and respond to anomalous behavior.

Infrastructure Security

Our infrastructure is designed to be resilient and secure.

  • Cloud Hosting: Our services are hosted on Amazon Web Services (AWS), utilizing their industry-leading physical and environmental security controls.
  • Patch Management: We maintain a rigorous patch management process to ensure servers, operating systems, and applications are updated with critical security patches.

Your Responsibilities

Security is a shared responsibility. We ask that you:

  • Keep your account credentials confidential and secure.
  • Use a strong, unique password for your account.
  • Log out of your account after use, especially on shared devices.
  • Notify us immediately if you suspect unauthorized access to your account.

Vulnerability Reporting & Responsible Disclosure

If you believe you have identified a potential security vulnerability in our products, we encourage you to report it to us responsibly.

How to Report:
Please contact us at security@transitfare.com with the following details:

  • The type of vulnerability (e.g., XSS, SQLi).
  • A detailed description of the issue and how it was discovered.
  • Steps to reproduce the vulnerability (proof of concept).
  • Potential impact or risk.

Our Commitment to Researchers (Safe Harbor):

  • TransitFare will not pursue legal action against researchers who:
  • Report vulnerabilities in good faith and in accordance with this policy.
  • Do not access, modify, or delete data belonging to other users.
  • Do not disrupt our services (e.g., DoS attacks).
  • Give us a reasonable amount of time to resolve the issue before making it public.

Our Response:

  • Acknowledgment: We aim to acknowledge receipt of your report within 72 hours.
  • Investigation: We will investigate the issue and verify the vulnerability.
  • Resolution: We will take appropriate steps to remediate validated vulnerabilities.

Contact

For security-related inquiries, please contact: security@transitfare.com

For general inquiries:

TransitFare & Systems Ltd
Unit 42
760 Birchmount Road
Toronto, ON M1K 5H8
Canada
1 (877) 993-0001